Bug 186680 - eximon buffer overflow
Summary: eximon buffer overflow
Status: CLOSED DUPLICATE of bug 186303
Alias: None
Product: Fedora
Classification: Fedora
Component: exim   
Version: 4
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
Reported: 2006-03-25 11:21 UTC by Frank Mueller
Modified: 2007-11-30 22:11 UTC (History)

Doc Type: Bug Fix
Last Closed: 2006-03-25 11:46:33 UTC

Description Frank Mueller 2006-03-25 11:21:46 UTC
Description of problem:

eximon dies on Fedora 4 with the following message, worked fine in Fedora 3.
Problem still present in recent 4.60-4 update

Exim Monitor version 2.05 (compiled 5-Oct-2005 06:17:32) initializing
.*** buffer overflow detected ***: /usr/sbin/eximon.bin terminated

Reason: in FC4 glibc has been compiled with FORTIFY_SOURCE. 
basename is defined too short to hold the \0

Patch that worked for me and has been included upstream (bug #73 on exim.org)

--- exim-4.54/exim_monitor/em_queue.c.orig      2006-01-22 11:00:03.000000000 +0100
+++ exim-4.54/exim_monitor/em_queue.c   2006-01-22 10:58:42.000000000 +0100
@@ -497,7 +497,7 @@
         name[SPOOL_NAME_LENGTH - 2] == '-' &&
         name[SPOOL_NAME_LENGTH - 1] == 'H')
       {
-      uschar basename[SPOOL_NAME_LENGTH];
+      uschar basename[SPOOL_NAME_LENGTH+1];
       stripchart_total[0]++;
       if (!eximon_initialized) { printf("."); fflush(stdout); }
       Ustrcpy(basename, name);
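
Review bot: the Ustrcpy(basename, name) in the last context line is still an unbounded copy, so the new size SPOOL_NAME_LENGTH+1 is only safe if name is exactly SPOOL_NAME_LENGTH characters long. The visible conditions index name[SPOOL_NAME_LENGTH - 2] and name[SPOOL_NAME_LENGTH - 1], which shows the name is expected to reach that length, but nothing in this hunk rules out a longer one. If the part of the condition above the hunk does not already check the length, add a check against sizeof(basename) before the copy, or use a bounded copy. A short comment on the declaration saying that the +1 is for the terminating NUL would keep the size from being "simplified" back later.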

Additional info:

Comment 1 David Woodhouse 2006-03-25 11:46:33 UTC
Problem no longer present in even _more_ recent 4.60-5 update.

*** This bug has been marked as a duplicate of 186303 ***
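
The off-by-one diagnosed in the description, as an added example that is not code from exim or from this report: a copy that first compares the bytes needed (characters plus NUL) with the destination size, which is comparable to the check glibc's fortified strcpy makes before aborting. The value of SPOOL_NAME_LENGTH, the sample name, and the helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed value for illustration; the report does not state it. */
#define SPOOL_NAME_LENGTH 18

/* Constructed sample: exactly SPOOL_NAME_LENGTH characters, ending in "-H". */
static const char sample_name[] = "1AbCdE-000123-Xy-H";

/* Bytes a strcpy() of src writes: its characters plus the terminating NUL. */
size_t bytes_needed(const char *src)
{
    return strlen(src) + 1;
}

/* Hypothetical helper: copy only when the string and its NUL fit.
   Returns 0 on success, -1 (dst untouched) when the copy would overflow. */
int checked_copy(char *dst, size_t dstsize, const char *src)
{
    size_t need = bytes_needed(src);
    if (need > dstsize)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Destination sized as before the patch: no room for the NUL. */
int copy_into_old_size(const char *name)
{
    char base[SPOOL_NAME_LENGTH];
    return checked_copy(base, sizeof base, name);
}

/* Destination sized as after the patch: the NUL lands in the last byte. */
int copy_into_new_size(const char *name)
{
    char base[SPOOL_NAME_LENGTH + 1];
    if (checked_copy(base, sizeof base, name) != 0)
        return -1;
    return base[SPOOL_NAME_LENGTH] == '\0' ? 0 : -1;
}
```
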

