Bug 74496 - mm-1.1.3-8 overruns buffer in mm_core_permissions
Summary: mm-1.1.3-8 overruns buffer in mm_core_permissions
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: mm   
(Show other bugs)
Version: 7.3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
: 74485 (view as bug list)
Depends On:
Blocks: 74485
TreeView+ depends on / blocked
Reported: 2002-09-25 12:48 UTC by Dave Kelly
Modified: 2007-04-18 16:46 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-12-12 11:19:11 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2002:273 high SHIPPED_LIVE Updated mm packages available 2003-02-07 15:19:58 UTC

Description Dave Kelly 2002-09-25 12:48:33 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1a) Gecko/20020610

Description of problem:
The patch mm-1.1.3-ipcsem-perms.patch introduced in mm-1.1.3-8 is incorrect. The

+  for (i = 0; i <= sizeof(sems)/sizeof(*sems); i++) {

should be replaced by

+  for (i = 0; i < sizeof(sems)/sizeof(*sems); i++) {

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
See bug 74485 for steps to reproduce.

Actual Results:  mm_core_permissions will always operate on semaphore id=0
because of this overrun.

Expected Results:  If the patch is corrected and the library is rebuilt,
semaphore id = 0 is no longer referenced by accident.

Additional info:

Comment 1 Dave Kelly 2002-09-25 12:51:47 UTC
This appears to have been fixed in mm-1.2.1 but is not available as a RedHat 7.3

Comment 2 Joe Orton 2002-12-03 09:51:08 UTC
*** Bug 74485 has been marked as a duplicate of this bug. ***

Comment 3 Joe Orton 2002-12-12 11:19:11 UTC
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.


Comment 4 Paul Rubenis 2002-12-12 20:17:46 UTC
It seems that this errata fix also has a side effect of preventing any user not
allowed to write to /var/run from starting an Apache server.  Before the patch
was applied, all develpers could start/stop their instances of Apache.  Once the
patch had been applied, the following error is displayed upon startup:

Ouch! ap_mm_create(1048576, "/var/run/httpd.mm.<pid>") failed
Error: MM: mm:core: failed to open semaphore file (Permission denied): OS: No
such file or directory

Changing the permissions on the /var/run directory fixes the above, but is not a
desired long term solution.

Note You need to log in before you can comment on or make changes to this bug.