352617 – net-proxy/tinyproxy 1.8.1 has a strcmp bug

Bug 352617 - net-proxy/tinyproxy 1.8.1 has a strcmp bug

Summary: net-proxy/tinyproxy 1.8.1 has a strcmp bug

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High critical (vote)
Assignee:	Gentoo Network Proxy Developers (OBSOLETE)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-01-24 17:31 UTC by Christian Zuckschwerdt
Modified:	2011-01-25 02:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Zuckschwerdt 2011-01-24 17:31:30 UTC

net-proxy/tinyproxy 1.8.1 has a strcmp bug (possible buffer overflow?). I experience this on hardened amd64.
The version should be bumped to 1.8.2, released 7 months ago. (tested successfully by coping the ebuild and patches to "1.8.2" version).

Reproducible: Always

Steps to Reproduce:
1. emerge net-proxy/tinyproxy (e.g. minimal debug -filter-proxy -reverse-proxy -transparent-proxy -upstream-proxy -xtinyproxy-header)
2. start, use the proxy, watch the logs



with CFLAGS -g and FEATURES nostrip gdb shows this for the worker thread

Program received signal SIGSEGV, Segmentation fault.
0x000003423415c0c6 in strcmp () from /lib/libc.so.6
(gdb) bt
#0  0x000003423415c0c6 in strcmp () from /lib/libc.so.6
#1  0x0000007b8d4a8dce in process_request (fd=<value optimized out>) at reqs.c:470
#2  handle_connection (fd=<value optimized out>) at reqs.c:1433

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2011-01-25 02:04:12 UTC

1.8.2 is in the tree. If you mind about this package, then please open a new stabilisation bug for 1.8.2 in about a month's time.

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2011-01-25 02:04:35 UTC

Reopen to reassign. 8-)