Bug 632384 - buffer overflow in star revisited
Summary: buffer overflow in star revisited
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: star
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Ondrej Vasik
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 635559
TreeView+ depends on / blocked
 
Reported: 2010-09-09 19:49 UTC by wolfgang pichler
Modified: 2010-09-24 20:33 UTC (History)
2 users (show)

Fixed In Version: star-1.5.1-4.fc13
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 635559 (view as bug list)
Environment:
Last Closed: 2010-09-23 12:34:24 UTC


Attachments (Terms of Use)

Description wolfgang pichler 2010-09-09 19:49:16 UTC
Description of problem:


same as bug 556664 for f12

my stacktrace :

*** buffer overflow detected ***: star terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0x2e3fcd]
/lib/libc.so.6[0x2e1ffa]
/lib/libc.so.6(__strcpy_chk+0x44)[0x2e12d4]
star[0x806e15d]
star[0x805d9e4]
star[0x805e7fe]
star[0x805e7fe]
star[0x805e7fe]
star[0x805e7fe]
star[0x805e7fe]
star[0x805e7fe]
star[0x805e7fe]
star[0x805e7fe]
star[0x805e7fe]
star[0x805eb7f]
star[0x804c201]
star[0x804ecbb]
/lib/libc.so.6(__libc_start_main+0xe6)[0x202cc6]
star[0x804a121]
======= Memory map: ========
001ca000-001e8000 r-xp 00000000 fd:00 5450       /lib/ld-2.12.so
001e8000-001e9000 r--p 0001d000 fd:00 5450       /lib/ld-2.12.so
001e9000-001ea000 rw-p 0001e000 fd:00 5450       /lib/ld-2.12.so
001ec000-00371000 r-xp 00000000 fd:00 5452       /lib/libc-2.12.so
00371000-00372000 ---p 00185000 fd:00 5452       /lib/libc-2.12.so
00372000-00374000 r--p 00185000 fd:00 5452       /lib/libc-2.12.so
00374000-00375000 rw-p 00187000 fd:00 5452       /lib/libc-2.12.so
00375000-00378000 rw-p 00000000 00:00 0
00397000-0039a000 r-xp 00000000 fd:00 5760       /lib/libdl-2.12.so
0039a000-0039b000 r--p 00002000 fd:00 5760       /lib/libdl-2.12.so
0039b000-0039c000 rw-p 00003000 fd:00 5760       /lib/libdl-2.12.so
004ec000-00508000 r-xp 00000000 fd:00 7590       /lib/libselinux.so.1
00508000-00509000 r--p 0001b000 fd:00 7590       /lib/libselinux.so.1
00509000-0050a000 rw-p 0001c000 fd:00 7590       /lib/libselinux.so.1
00652000-0065e000 r-xp 00000000 fd:00 5461       /lib/libnss_files-2.12.so
0065e000-0065f000 r--p 0000b000 fd:00 5461       /lib/libnss_files-2.12.so
0065f000-00660000 rw-p 0000c000 fd:00 5461       /lib/libnss_files-2.12.so
00810000-00817000 r-xp 00000000 fd:00 12902      /lib/libacl.so.1.1.0
00817000-00818000 rw-p 00006000 fd:00 12902      /lib/libacl.so.1.1.0
0098e000-00994000 r-xp 00000000 fd:00 69172      /lib/libnss_winbind.so.2
00994000-00995000 rw-p 00006000 fd:00 69172      /lib/libnss_winbind.so.2
00995000-0099a000 rw-p 00000000 00:00 0
00ba3000-00ba4000 r-xp 00000000 00:00 0          [vdso]
00deb000-00def000 r-xp 00000000 fd:00 11351      /lib/libattr.so.1.1.0
00def000-00df0000 rw-p 00003000 fd:00 11351      /lib/libattr.so.1.1.0
05459000-05476000 r-xp 00000000 fd:00 7671       /lib/libgcc_s-4.4.4-20100630.so.1
05476000-05477000 rw-p 0001d000 fd:00 7671       /lib/libgcc_s-4.4.4-20100630.so.1
08047000-08097000 r-xp 00000000 fd:00 33236      /usr/bin/star
08097000-0809a000 rw-p 0004f000 fd:00 33236      /usr/bin/star
0809a000-080b0000 rw-p 00000000 00:00 0
0901f000-09040000 rw-p 00000000 00:00 0          [heap]
6f767000-9f76b000 rw-p 00000000 00:00 0
9f76b000-b7788000 rw-s 00000000 00:04 29415      /dev/zero (deleted)
b7788000-b778a000 rw-p 00000000 00:00 0
b7799000-b779b000 rw-p 00000000 00:00 0
bfd6d000-bfdbb000 rw-p 00000000 00:00 0          [stack]

invoking command :

star -c -v -time -fifostats -multivol VOLHDR="2010_09_09__18_37 DATA" new-volume-script=/rbin/mtchgR.pl f=/dev/nst0 H=exustar -xfflags -xattr -sparse fs=384m errctl=/tmp/s2t.61pDJmbmKd -C /srv/save samba grass streeruwitz IMG2

/tmp/s2t.61pDJmbmKd :

GETXATTR *
GETACL *
READLINK *
MISSLINK *
SPECIALFILE *

last path processed :

a samba/public/other/Leth/PENDOways2go/DATEN/testdaten/Mikrozensus/zip/mz_2002_1_quartal_metadaten_forschung_und_lehre_LatestReleased_021828.zip 2137684 bytes, 4176 tape blocks

yield ERRNO 134

------------------------

rpm -qv star : star-1.5.1-2.fc13.i686

/usr/bin/star --version : star: star 1.5.1 (i686-redhat-linux-gnu)

coredump-file (abrt) available upon request ;-))

Comment 1 Ondrej Vasik 2010-09-11 11:18:09 UTC
Thanks for report - I don't think that this is dupe of #556664 - as that bug was fixed in f13 branch as well ... see http://pkgs.fedoraproject.org/gitweb/?p=star.git;a=shortlog;h=refs/heads/f13/master and changelog of star-1.5.1-2.fc13 package. Maybe another instance or incomplete fix...

Could you please provide backtrace with star debuginfo installed? TIA.

Comment 2 wolfgang pichler 2010-09-11 12:01:26 UTC
#0  0x00ba3416 in __kernel_vsyscall ()
#1  0x00216d11 in raise () from /lib/libc.so.6
#2  0x002185ea in abort () from /lib/libc.so.6
#3  0x00254b9d in __libc_message () from /lib/libc.so.6
#4  0x002e3fcd in __fortify_fail () from /lib/libc.so.6
#5  0x002e1ffa in __chk_fail () from /lib/libc.so.6
#6  0x002e12d4 in __strcpy_chk () from /lib/libc.so.6
#7  0x0806e15d in strcpy (info=0xbfd9216c, ptb=0xbfd91eec)
    at /usr/include/bits/string3.h:107
#8  name_to_tcb (info=0xbfd9216c, ptb=0xbfd91eec) at longnames.c:201
#9  0x0805d9e4 in createi (
    sname=0xbfd9425a "samba/public/other/Leth/PENDOways2go/DATEN/testdaten/Mikrozensus/zip/mz_2004_2_quartal_metadaten_arbeitsorganisation_und_arbeitszeitgestaltung__LatestReleased_021833.zip",
    name=0xbfd9425a "samba/public/other/Leth/PENDOways2go/DATEN/testdaten/Mikrozensus/zip/mz_2004_2_quartal_metadaten_arbeitsorganisation_und_arbeitszeitgestaltung__LatestReleased_021833.zip", namlen=169, info=0xbfd9216c, last=0xbfd92234)
    at create.c:556
#10 0x0805e7fe in put_dir (
    sname=0xbfd985ca "samba/public/other/Leth/PENDOways2go/DATEN/testdaten/Mikrozensus/zip", name=<value optimized out>, namlen=69, info=0xbfd964dc,
    last=0xbfd965a4) at create.c:1648
#11 createi (
    sname=0xbfd985ca "samba/public/other/Leth/PENDOways2go/DATEN/testdaten/Mikrozensus/zip", name=<value optimized out>, namlen=69, info=0xbfd964dc,
    last=0xbfd965a4) at create.c:580
#12 0x0805e7fe in put_dir (
    sname=0xbfd9c93a "samba/public/other/Leth/PENDOways2go/DATEN/testdaten/Mikrozensus", name=<value optimized out>, namlen=65, info=0xbfd9a84c,
    last=0xbfd9a914) at create.c:1648
#13 createi (
    sname=0xbfd9c93a "samba/public/other/Leth/PENDOways2go/DATEN/testdaten/Mikrozensus", name=<value optimized out>, namlen=65, info=0xbfd9a84c,
    last=0xbfd9a914) at create.c:580
#14 0x0805e7fe in put_dir (
    sname=0xbfda0caa "samba/public/other/Leth/PENDOways2go/DATEN/testdaten",
    name=<value optimized out>, namlen=53, info=0xbfd9ebbc, last=0xbfd9ec84)
    at create.c:1648
#15 createi (
    sname=0xbfda0caa "samba/public/other/Leth/PENDOways2go/DATEN/testdaten",
    name=<value optimized out>, namlen=53, info=0xbfd9ebbc, last=0xbfd9ec84)
    at create.c:580
#16 0x0805e7fe in put_dir (
    sname=0xbfda501a "samba/public/other/Leth/PENDOways2go/DATEN",
    name=<value optimized out>, namlen=43, info=0xbfda2f2c, last=0xbfda2ff4)
    at create.c:1648
#17 createi (sname=0xbfda501a "samba/public/other/Leth/PENDOways2go/DATEN",
    name=<value optimized out>, namlen=43, info=0xbfda2f2c, last=0xbfda2ff4)
    at create.c:580
#18 0x0805e7fe in put_dir (
    sname=0xbfda938a "samba/public/other/Leth/PENDOways2go",
    name=<value optimized out>, namlen=37, info=0xbfda729c, last=0xbfda7364)
    at create.c:1648
#19 createi (sname=0xbfda938a "samba/public/other/Leth/PENDOways2go",
    name=<value optimized out>, namlen=37, info=0xbfda729c, last=0xbfda7364)
    at create.c:580
#20 0x0805e7fe in put_dir (sname=0xbfdad6fa "samba/public/other/Leth",
    name=<value optimized out>, namlen=24, info=0xbfdab60c, last=0xbfdab6d4)
    at create.c:1648
#21 createi (sname=0xbfdad6fa "samba/public/other/Leth",
    name=<value optimized out>, namlen=24, info=0xbfdab60c, last=0xbfdab6d4)
    at create.c:580
#22 0x0805e7fe in put_dir (sname=0xbfdb1a6a "samba/public/other",
    name=<value optimized out>, namlen=19, info=0xbfdaf97c, last=0xbfdafa44)
    at create.c:1648
#23 createi (sname=0xbfdb1a6a "samba/public/other",
    name=<value optimized out>, namlen=19, info=0xbfdaf97c, last=0xbfdafa44)
    at create.c:580
#24 0x0805e7fe in put_dir (sname=0xbfdb5dda "samba/public",
    name=<value optimized out>, namlen=13, info=0xbfdb3cec, last=0xbfdb3db4)
    at create.c:1648
#25 createi (sname=0xbfdb5dda "samba/public", name=<value optimized out>,
    namlen=13, info=0xbfdb3cec, last=0xbfdb3db4) at create.c:580
#26 0x0805e7fe in put_dir (sname=0xbfdba338 "samba",
    name=<value optimized out>, namlen=6, info=0xbfdb8018, last=0x0)
    at create.c:1648
#27 createi (sname=0xbfdba338 "samba", name=<value optimized out>, namlen=6,
    info=0xbfdb8018, last=0x0) at create.c:580
#28 0x0805eb7f in create (name=0xbfdba338 "samba", Hflag=0, forceadd=0)
    at create.c:472
#29 0x0804c201 in star_create (ac=4, av=0xbfdb8388) at star.c:775
#30 0x0804ecbb in main (ac=21, av=0xbfdb8344) at star.c:546


greez w

Comment 3 Ondrej Vasik 2010-09-13 14:51:42 UTC
Thanks, so it is same issue but on different line ... will fix that soon...

Comment 4 wolfgang pichler 2010-09-13 19:48:30 UTC
great
next run of star is scheduled thu 18:00 mest ;-))

Comment 5 Fedora Update System 2010-09-15 14:06:19 UTC
star-1.5.1-4.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/star-1.5.1-4.fc14

Comment 6 Fedora Update System 2010-09-15 14:08:17 UTC
star-1.5.1-4.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/star-1.5.1-4.fc13

Comment 7 Fedora Update System 2010-09-15 22:33:13 UTC
star-1.5.1-4.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update star'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/star-1.5.1-4.fc13

Comment 8 wolfgang pichler 2010-09-16 07:46:42 UTC
(In reply to comment #7)

thank you for the fast patch - i'll test it today /w apporx 700gb ...

Comment 9 Fedora Update System 2010-09-23 12:34:19 UTC
star-1.5.1-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2010-09-24 20:33:53 UTC
star-1.5.1-4.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.