Bug 978872 - stdsoap2.h: struct soap should match exactly with what libgsoap uses
Summary: stdsoap2.h: struct soap should match exactly with what libgsoap uses
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gsoap
Version: 20
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Mattias Ellert
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-27 09:12 UTC by Dennis van Dok
Modified: 2013-11-10 06:16 UTC (History)
2 users (show)

Fixed In Version: gsoap-2.8.12-4.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-27 03:53:42 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Debian BTS 712685 0 None None None Never

Description Dennis van Dok 2013-06-27 09:12:37 UTC
Description of problem:

gsoap installs stdsoap2.h (it is in package gsoap-devel), with no changes
from the sources. This file contains many #ifdef ... #endif constructs
to select features.

This file is used at build time of libgsoap.so; one of the datastructures
in this library is called struct SOAP_STD_API soap. Depending on the use of
the WITH_IPV6 flag, the size of one of its fields differs:

#ifdef WITH_IPV6
  struct sockaddr_storage peer;	/* IPv6: set by soap_accept and by UDP recv */
#else
  struct sockaddr_in peer;	/* IPv4: set by soap_connect/soap_accept and by UDP recv */
#endif

Applications that build and link to libgsoap *must* match this choice exactly,
at the risk of misaligning the fields of struct soap which could result in
crashes. This also leads to potential security vulnerabilities. It is particulary
unsafe to forget -DWITH_IPV6 when building against libgsoap.so.

The choices for libgsoap are recorded in the pkgconfig files
(gsoap.pc), but rather than relying on pkgconfig, it would seem safer
to install a version of stdsoap2.h that fixes all such choices
according to what was chosen for libgsoap.so.

How reproducible:

Easy

Steps to Reproduce:
1. build any application linking against libgsoap.so, without using -DWITH_IPV6
2. run and crash


Additional info:

I think that this could be addressed upstream.

Comment 1 Fedora End Of Life 2013-09-16 14:16:56 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

Comment 2 Fedora Update System 2013-10-17 06:50:57 UTC
gsoap-2.7.16-4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/gsoap-2.7.16-4.el6

Comment 3 Fedora Update System 2013-10-17 06:51:08 UTC
gsoap-2.8.12-4.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/gsoap-2.8.12-4.fc20

Comment 4 Fedora Update System 2013-10-17 06:51:18 UTC
gsoap-2.8.12-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/gsoap-2.8.12-4.fc19

Comment 5 Fedora Update System 2013-10-17 06:51:30 UTC
gsoap-2.7.13-5.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/gsoap-2.7.13-5.el5

Comment 6 Fedora Update System 2013-10-17 18:03:36 UTC
Package gsoap-2.7.13-5.el5:
* should fix your issue,
* was pushed to the Fedora EPEL 5 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing gsoap-2.7.13-5.el5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11849/gsoap-2.7.13-5.el5
then log in and leave karma (feedback).

Comment 7 Fedora Update System 2013-10-27 03:53:42 UTC
gsoap-2.8.12-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-10-27 05:37:55 UTC
gsoap-2.8.12-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2013-11-01 21:06:05 UTC
gsoap-2.7.13-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2013-11-01 21:10:59 UTC
gsoap-2.7.16-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2013-11-10 06:16:09 UTC
gsoap-2.8.12-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.