Bug 538770 - libtar: tar_append_tree() broken
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: libtar
Version: 12
Hardware: All
OS: Linux
Priority: high
Severity: high
Assigned To: Huzaifa S. Sidhpurwala
QA Contact: Fedora Extras Quality Assurance

Reported: 2009-11-19 06:40 EST by Daniel Novotny
Modified: 2009-12-17 23:35 EST
Fixed In Version: 1.2.11-15.fc12
Doc Type: Bug Fix
Last Closed: 2009-12-17 18:51:18 EST

Attachments:
a simple program which crashes in libtar (1.50 KB, application/zip)
2009-11-19 06:42 EST, Daniel Novotny
Description Daniel Novotny 2009-11-19 06:40:57 EST
Description of problem:
We are developing the ABRT component for Fedora and need to create archives.
This simple code

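#include <fcntl.h>   /* O_WRONLY, O_CREAT */
#include <libtar.h>  /* TAR, tar_open, tar_append_tree, tar_close */

int create_tar(const char * archive_name, const char * directory)
{
    TAR *tar;

    /* libtar takes non-const char *, hence the casts */
    if (tar_open(&tar, (char *)archive_name, NULL, O_WRONLY | O_CREAT, 0644, TAR_GNU) != 0)
        return -1;
    /* add the whole directory tree, stored under "." in the archive */
    tar_append_tree(tar, (char *)directory, ".");
    tar_close(tar);
    return 0;
}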

crashes, but it worked before (in F11 and older Rawhide).
The crash is this:

[danny@rawhide ca]$ ./create_archive xx.tar ~/ca
*** buffer overflow detected ***: ./create_archive terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0x21d70d]
/lib/libc.so.6[0x21b79a]
/lib/libc.so.6(__strncpy_chk+0x176)[0x21ad86]
/usr/lib/libtar.so.1(th_finish+0x4a)[0x64f56a]
/usr/lib/libtar.so.1(th_write+0x388)[0x64ecf8]
/usr/lib/libtar.so.1(tar_append_file+0x1a0)[0x64e380]
/usr/lib/libtar.so.1(tar_append_tree+0x54)[0x651db4]
./create_archive[0x8048bd5]
./create_archive[0x8048ed7]
./create_archive[0x8048f62]
/lib/libc.so.6(__libc_start_main+0xe6)[0x13cb36]
./create_archive[0x80489a1]
Aborted (core dumped)

Version-Release number of selected component (if applicable):
libtar-1.2.11-14.fc12.i686

How reproducible:
always

Steps to Reproduce:
1. compile the program in the attachment ("make")
2. run it ("./create_archive foo.tar some_dir/")
3. watch the crash
  
Actual results:
crash, seen above

Expected results:
tar archive to be created

Additional info:
There's a little annoyance: the char * parameters with path and filename are not const char *, so I have to do this ugly typecast. This isn't worth a Bugzilla entry by itself, but as I'm already creating one, I can mention that as well.
Comment 1 Daniel Novotny 2009-11-19 06:42:36 EST
Created attachment 370317
a simple program which crashes in libtar
Comment 2 Huzaifa S. Sidhpurwala 2009-11-20 04:09:42 EST
(gdb) bt
#0  0x0023b424 in __kernel_vsyscall ()
#1  0x00449a81 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0x0044b34a in abort () at abort.c:92
#3  0x00486e5d in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#4  0x00512c5d in __fortify_fail (msg=<value optimized out>) at fortify_fail.c:32
#5  0x00510d7a in __chk_fail () at chk_fail.c:29
#6  0x00510366 in __strncpy_chk (s1=<value optimized out>, s2=<value optimized out>, n=<value optimized out>, s1len=<value optimized out>)
    at strncpy_chk.c:34
#7  0x002c556a in strncpy (__len=8, __src=0x69d3 <Address 0x69d3 out of bounds>, __dest=<value optimized out>) at /usr/include/bits/string3.h:122
#8  th_finish (__len=8, __src=0x69d3 <Address 0x69d3 out of bounds>, __dest=<value optimized out>) at encode.c:33
#9  0x002c4cf8 in th_write (t=<value optimized out>) at block.c:363
#10 0x002c4380 in tar_append_file (t=<value optimized out>, realname=<value optimized out>, savename=<value optimized out>) at append.c:169
#11 0x002c7db4 in tar_append_tree (t=<value optimized out>, realdir=<value optimized out>, savedir=<value optimized out>) at wrapper.c:107
#12 0x08048bd5 in create_tar (archive_name=0xbffff86d "foo.tar", directory=0xbffff875 "rpm") at create_archive.c:68
#13 0x08048ed7 in create_archive (archive_name=0xbffff86d "foo.tar", directory=0xbffff875 "rpm") at create_archive.c:141
#14 0x08048f62 in main (argc=3, argv=0xbffff714) at create_archive.c:155
(gdb)
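
The backtrace above shows `__strncpy_chk` aborting on an 8-byte `strncpy` inside `th_finish`. The following is an added example, not libtar's code and not part of the report: it models how that fortify check rejects a copy larger than its destination field, beside a per-field copy that passes. It assumes the destination is the 6-byte ustar `magic` field followed by the 2-byte `version` field, which the report does not state; `struct hdr_tail`, `checked_strncpy`, `is_gnu_magic` and the `set_gnu_magic_*` functions are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Tail of a ustar header (POSIX layout): magic[6] directly followed by version[2]. */
struct hdr_tail {
    char magic[6];
    char version[2];
};

/* Models the _FORTIFY_SOURCE check behind __strncpy_chk: glibc gets the
 * destination size from __builtin_object_size and aborts when n exceeds it.
 * Here the size is passed explicitly and -1 is returned instead of aborting. */
static int checked_strncpy(char *dst, size_t dstlen, const char *src, size_t n)
{
    if (n > dstlen)
        return -1;               /* "*** buffer overflow detected ***" */
    strncpy(dst, src, n);
    return 0;
}

/* Assumed pattern: one 8-byte copy into the 6-byte magic field, relying on
 * the last two bytes spilling into the adjacent version field. */
int set_gnu_magic_one_call(struct hdr_tail *h)
{
    return checked_strncpy(h->magic, sizeof h->magic, "ustar  ", 8);
}

/* Same eight bytes written per field, so each copy stays inside its object. */
int set_gnu_magic_per_field(struct hdr_tail *h)
{
    if (checked_strncpy(h->magic, sizeof h->magic, "ustar ", 6) != 0)
        return -1;
    return checked_strncpy(h->version, sizeof h->version, " ", 2);
}

/* 1 when magic+version hold the 8-byte GNU magic "ustar  \0". */
int is_gnu_magic(const struct hdr_tail *h)
{
    return memcmp(h, "ustar  ", 8) == 0;
}

int main(void)
{
    struct hdr_tail a = {{0}, {0}}, b = {{0}, {0}};
    printf("one call:  %d\n", set_gnu_magic_one_call(&a));
    printf("per field: %d, GNU magic: %d\n",
           set_gnu_magic_per_field(&b), is_gnu_magic(&b));
    return 0;
}
```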
Comment 3 Fedora Update System 2009-11-20 05:22:53 EST
libtar-1.2.11-15.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/libtar-1.2.11-15.fc12
Comment 4 Huzaifa S. Sidhpurwala 2009-11-20 05:24:05 EST
Hi,
Please try libtar-1.2.11-15.fc12.
This fixes the issue.
Comment 5 Daniel Novotny 2009-11-20 09:16:52 EST
Yes, this works, thanks.
Comment 6 Steve Traylen 2009-11-20 11:02:52 EST
Does this hit the EPEL builds as well?
Comment 7 Fedora Update System 2009-11-24 02:10:59 EST
libtar-1.2.11-13.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/libtar-1.2.11-13.el5
Comment 8 Fedora Update System 2009-11-24 02:37:37 EST
libtar-1.2.11-15.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update libtar'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-11903
Comment 9 Fedora Update System 2009-11-24 14:23:51 EST
libtar-1.2.11-13.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update libtar'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0895
Comment 10 Fedora Update System 2009-12-17 18:51:11 EST
libtar-1.2.11-13.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2009-12-17 23:35:25 EST
libtar-1.2.11-15.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.