Bug 895072 - Possible crash when handling deletion requests
Summary: Possible crash when handling deletion requests
Keywords:
Status: CLOSED DUPLICATE of bug 895139
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: memcached
Version: el5
Hardware: All
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Paul Lindner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-01-14 13:27 UTC by Jeremy Sowden
Modified: 2014-01-15 11:01 UTC (History)

Fixed In Version:
Clone Of: CVE-2013-0179
Environment:
Last Closed: 2014-01-15 11:01:55 UTC
Type: Bug
Embargoed:



Description Jeremy Sowden 2013-01-14 13:27:36 UTC
+++ This bug was initially created as a clone of Bug #895054 +++

Description of problem:

When run with "-vv", on receipt of a binary-protocol deletion request, memcached prints out the key to be deleted in a way that can lead to a buffer overrun and crash.

Version-Release number of selected component (if applicable):

1.4.5, although this currently affects all later versions.

How reproducible:

Run memcached with "-vv", use memrm to send deletion requests and observe output.

Steps to Reproduce:

1. memcached -p 12345 -vv 2>&1 | grep '^Deleting'
2. memrm --servers localhost:12345 --binary ABCDEF xyz
3. Check the output from memcached.

Actual results:

[jsowden:~] $ memcached -p 2300 -m 64 -c 1024 -r -vv 2>&1 | grep 'Deleting'
Deleting ABCDEF
Deleting xyzDEF

Expected results:

[jsowden:~] $ memcached -p 2300 -m 64 -c 1024 -r -vv 2>&1 | grep 'Deleting'
Deleting ABCDEF
Deleting xyz

Additional info:

I've opened a bug report upstream: https://code.google.com/p/memcached/issues/detail?id=306
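
The symptom reported above, reduced to an added C example that is not part of the original report and is not memcached's code. It assumes the verbose log line formats the key as a NUL-terminated string while the binary protocol delivers the key with an explicit length in a reused buffer; `rbuf`, `recv_key` and the two `log_delete_*` functions are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a connection's receive buffer, reused across
 * requests. Static storage, so it starts out zero-filled. */
static char rbuf[64];

/* Hypothetical helper: place a key in the reused buffer the way a binary
 * packet carries it, as nkey raw bytes with no terminating NUL. */
static size_t recv_key(const char *key) {
    size_t nkey = strlen(key);
    if (nkey > sizeof rbuf - 1)
        nkey = sizeof rbuf - 1;        /* keep the demo inside rbuf */
    memcpy(rbuf, key, nkey);           /* bytes past nkey keep old contents */
    return nkey;
}

/* Weak form (assumed): the key is printed as a C string and nkey is ignored.
 * In this demo the zeroed tail of rbuf stops the read; in a server nothing
 * guarantees a NUL inside the buffer, so the read can run past its end. */
static const char *log_delete_unbounded(void) {
    static char out[128];
    snprintf(out, sizeof out, "Deleting %s", rbuf);
    return out;
}

/* Hardened form: the precision caps the read at exactly nkey bytes. */
static const char *log_delete_bounded(size_t nkey) {
    static char out[128];
    snprintf(out, sizeof out, "Deleting %.*s", (int)nkey, rbuf);
    return out;
}

int main(void) {
    const char *keys[] = { "ABCDEF", "xyz" };   /* keys from the report */
    for (size_t i = 0; i < 2; i++) {
        size_t nkey = recv_key(keys[i]);
        printf("unbounded: %s\n", log_delete_unbounded());
        printf("bounded:   %s\n", log_delete_bounded(nkey));
    }
    return 0;
}
```

With the two keys from the steps to reproduce, the unbounded form yields the "Actual results" lines and the bounded form yields the "Expected results" lines.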

Comment 1 Miroslav Lichvar 2014-01-15 11:01:55 UTC

*** This bug has been marked as a duplicate of bug 895139 ***

