Bug 125622 - app-arch/zoo: New buffer overflow
Summary: app-arch/zoo: New buffer overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/bugzilla/...
Whiteboard: B2 [glsa]
Reported: 2006-03-09 10:15 UTC by Thierry Carrez (RETIRED)
Modified: 2006-03-16 02:16 UTC
Description Thierry Carrez (RETIRED) gentoo-dev 2006-03-09 10:15:27 UTC
From Josh Bressers @RedHat :

A buffer overflow bug exists in zoo which is triggered during archive creation.
This issue is borderline a bug as it's really only a problem if someone is
creating a zoo archive on a directory full of files controlled by a local attacker.

Here is how to reproduce this issue:

mkdir `perl -e 'print "A"x254'`
cd `perl -e 'print "A"x254'`
mkdir `perl -e 'print "A"x254'`
cd `perl -e 'print "A"x254'`
touch feh
cd ../..
zoo a arch.zoo `perl -e 'print "A"x254 . "/" . "A"x254 . "/feh"'`


To fix this issue, in parse.c, line 42, change the line:

strcpy (tempname, fname);
to
strncpy(tempname, fname, LFNAMESIZE);
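The report's fix swaps strcpy() for strncpy() into the fixed-size tempname buffer. The following added C example (not zoo's code; LFNAMESIZE is assumed to be 256) contrasts that bounded copy, which stays inside the buffer but leaves it without a terminating NUL for the 513-byte reproducer path, with an explicit length check that refuses the path outright, the behaviour zoo-2.10-r2 shows in comment 6.

```c
#include <string.h>

#define LFNAMESIZE 256   /* assumed buffer size, not taken from zoo's headers */

/* Hardened copy: refuses any fname that does not fit dst with its NUL.
   Returns 1 and copies on success, 0 (dst untouched) when too long;
   zoo-2.10-r2 reports "Combined dirname and filename too long!" instead. */
int copy_fname_checked(char *dst, size_t dstsz, const char *fname)
{
    size_t n = 0;
    while (n < dstsz && fname[n] != '\0')
        n++;
    if (n == dstsz)
        return 0;
    memcpy(dst, fname, n + 1);
    return 1;
}

/* The proposed one-line fix: strncpy() never writes past dst, but when
   fname has dstsz or more bytes it leaves dst with no terminating NUL.
   Returns 1 if dst ended up NUL-terminated, 0 otherwise. */
int copy_fname_strncpy(char *dst, size_t dstsz, const char *fname)
{
    strncpy(dst, fname, dstsz);
    return memchr(dst, '\0', dstsz) != NULL;
}

/* Constructed input mirroring the reproducer's argument:
   254 'A's, '/', 254 'A's, "/feh" (513 bytes plus NUL). */
size_t build_repro_path(char *out, size_t outsz)
{
    if (outsz < 514)
        return 0;
    memset(out, 'A', 254);
    out[254] = '/';
    memset(out + 255, 'A', 254);
    memcpy(out + 509, "/feh", 5);
    return 513;
}

/* Bitmask: bit0 = checked copy accepts the repro path, bit1 = strncpy copy
   of it is NUL-terminated, bit2 = checked copy accepts the short name "feh". */
int run_demo(void)
{
    static char path[600], tempname[LFNAMESIZE];
    int r = 0;
    if (build_repro_path(path, sizeof path) == 0)
        return -1;
    r |= copy_fname_checked(tempname, sizeof tempname, path) << 0;
    r |= copy_fname_strncpy(tempname, sizeof tempname, path) << 1;
    r |= copy_fname_checked(tempname, sizeof tempname, "feh") << 2;
    return r;
}
```

run_demo() returns 4: the oversized path is rejected by the checked copy and left unterminated by strncpy(), while the short name is copied normally.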
Comment 1 SpanKY gentoo-dev 2006-03-09 16:37:24 UTC
zoo-2.10-r2 now in portage
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-03-10 10:27:35 UTC
Arches please test and mark stable
Comment 3 Markus Rothe (RETIRED) gentoo-dev 2006-03-10 11:40:11 UTC
stable on ppc64
Comment 4 Torsten Veller (RETIRED) gentoo-dev 2006-03-10 11:54:09 UTC
Stable on x86.
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2006-03-10 13:30:17 UTC
ppc stable
Comment 6 Thomas Cort (RETIRED) gentoo-dev 2006-03-10 15:14:34 UTC
I tested app-arch/zoo-2.10-r2 on alpha and it fixes the bug. Using the example from Josh Bressers @RedHat, zoo-2.10-r2 outputs: "Zoo:  FATAL:  Combined dirname and filename too long!" instead of segfaulting like in zoo-2.10-r1.

# emerge --info
Comment 7 Fernando J. Pereda (RETIRED) gentoo-dev 2006-03-10 15:59:16 UTC
Alpha done. Thanks Thomas.
Comment 8 Jason Wever (RETIRED) gentoo-dev 2006-03-10 16:34:15 UTC
SPARC'd
Comment 9 Simon Stelling (RETIRED) gentoo-dev 2006-03-12 09:49:00 UTC
amd64 stable
Comment 10 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-16 02:16:43 UTC
GLSA 200603-12

Thanks everybody