Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 74496 - mm-1.1.3-8 overruns buffer in mm_core_permissions
mm-1.1.3-8 overruns buffer in mm_core_permissions
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: mm (Show other bugs)
7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
: 74485 (view as bug list)
Depends On:
Blocks: 74485
  Show dependency treegraph
 
Reported: 2002-09-25 08:48 EDT by Dave Kelly
Modified: 2007-04-18 12:46 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-12-12 06:19:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2002:273 high SHIPPED_LIVE Updated mm packages available 2003-02-07 10:19:58 EST

  None (edit)
Description Dave Kelly 2002-09-25 08:48:33 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1a) Gecko/20020610

Description of problem:
The patch mm-1.1.3-ipcsem-perms.patch introduced in mm-1.1.3-8 is incorrect. The
line:

+  for (i = 0; i <= sizeof(sems)/sizeof(*sems); i++) {

should be replaced by

+  for (i = 0; i < sizeof(sems)/sizeof(*sems); i++) {

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
See bug 74485 for steps to reproduce.

Actual Results:  mm_core_permissions will always operate on semaphore id=0
because of this overrun.

Expected Results:  If the patch is corrected and the library is rebuilt,
semaphore id = 0 is no longer referenced by accident.

Additional info:
Comment 1 Dave Kelly 2002-09-25 08:51:47 EDT
This appears to have been fixed in mm-1.2.1 but is not available as a RedHat 7.3
update.
Comment 2 Joe Orton 2002-12-03 04:51:08 EST
*** Bug 74485 has been marked as a duplicate of this bug. ***
Comment 3 Joe Orton 2002-12-12 06:19:11 EST
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2002-273.html
Comment 4 Paul Rubenis 2002-12-12 15:17:46 EST
It seems that this errata fix also has a side effect of preventing any user not
allowed to write to /var/run from starting an Apache server.  Before the patch
was applied, all develpers could start/stop their instances of Apache.  Once the
patch had been applied, the following error is displayed upon startup:

Ouch! ap_mm_create(1048576, "/var/run/httpd.mm.<pid>") failed
Error: MM: mm:core: failed to open semaphore file (Permission denied): OS: No
such file or directory

Changing the permissions on the /var/run directory fixes the above, but is not a
desired long term solution.

Note You need to log in before you can comment on or make changes to this bug.