
Bug 127592

Summary: mail-mta/ssmtp-2.61-r2 stabilization request
Product: Gentoo Linux
Reporter: Xuefer <Xuefer>
Component: [OLD] Server
Assignee: Net-Mail Packages <net-mail+disabled>
Status: RESOLVED FIXED
Severity: minor
CC: bugzilla-gentoo, haubi, michal, Xuefer
Priority: High
Version: 2006.0
Hardware: x86
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments:
- stack variable not initized before strdup patch
- stack variable used before init (updated)

Description Xuefer 2006-03-25 20:51:38 UTC
installed package: ssmtp mailx
reproduce:
echo -e "abc\nabc\n" | strace -s100 -f /bin/mail
write(3, "From: is an optional port number that defaults to 25.\n\r\n", 56) = 56

problem: the "From" field shall never be that string, as it's just a comment in the config.


file /etc/ssmtp/revaliases:
# sSMTP aliases
# 
# Format:       local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.

(not modified)
but
Comment 1 Xuefer 2006-03-25 22:53:32 UTC
Created attachment 83135 [details, diff]
stack variable not initized before strdup patch
Comment 2 Xuefer 2006-03-25 22:56:06 UTC
reproduce condition:
CFLAGS="-O3"
can't reproduce condition:
CFLAGS="-O2"
Comment 3 Xuefer 2006-03-25 22:59:09 UTC
reproduce condition:
CFLAGS="-O3"
and non root user
can't reproduce condition:
CFLAGS="-O2"
or root user
Comment 4 Robert Trace 2006-05-04 00:11:48 UTC
I've been able to recreate this (x86-64 @ -O2).  I fixed it a different way (before I found this bug :-), but my findings and fix ended up being essentially the same (write something into char buf[] before the function can strdup() it).

This is a fairly serious problem since the program is using uninitialized stack data.

It's also _really_ annoying.

It's been over a month since this bug was originally filed.  Can we expect a fix anytime soon?
Comment 5 Tuan Van (RETIRED) gentoo-dev 2006-05-04 07:36:01 UTC
(In reply to comment #0)
> installed package: ssmtp mailx
> reproduce:
> echo -e "abc\nabc\n" | strace -s100 -f /bin/mail
> write(3, "From: is an optional port number that defaults to 25.\n\r\n", 56) =
> 56
> 
> problem: the "From" field shall never be that string, as it's just a comment in
> the config.
> 
> 
> file /etc/ssmtp/revaliases:
> # sSMTP aliases
> # 
> # Format:       local_account:outgoing_address:mailhub
> #
> # Example: root:your_login@your.domain:mailhub.your.domain[:port]
> # where [:port] is an optional port number that defaults to 25.
> 
> (not modified)
> but
> 

(In reply to comment #2)
> reproduce condition:
> CFLAGS="-O3"
> can't reproduce condition:
> CFLAGS="-O2"
> 

toolchain, please advise.
Comment 6 Tuan Van (RETIRED) gentoo-dev 2006-05-04 08:36:50 UTC
I can't reproduce this on either x86 or ~x86 keywords.

$ emerge --info | egrep 'CFLAGS|KEYWORDS'
ACCEPT_KEYWORDS="x86"
CFLAGS="-O3 -march=pentium4 -fomit-frame-pointer"
$ echo -e"abc\nabc\n" | strace -s100 -o mailx.strace -f /bin/mail
No mail for langthang
$ grep -i from mailx.strace
15483 read(3, "set ask askcc append dot save crt\nignore Received Message-Id Resent-Message-Id Status Mail-From Retu"..., 4096) = 125
Comment 7 Robert Trace 2006-05-04 09:54:59 UTC
First of all, this is in no way an optimization bug.  Optimization may expose (or hide) the bug, but it is not the compiler or optimizer's fault.

It is coded incorrectly.  You can tell this by code inspection.

(In reply to comment #6)
> I can't reproduce this on either x86 or ~x86 keywords.

Reproduction requires that your GECOS information be empty.  If you follow the flow of the code, it's essentially:

from_format(char *str) {
  char buf[SIZE];

  if (something) {
    //stuff
  } else {
    if (somethingelse) {
      //more stuff
    }
  }

  return (strdup(buf));
}

Now, if something and somethingelse are both false, buf gets strdup'ed without ever being set (which is what the bodies of something and something else do).
Comment 8 SpanKY gentoo-dev 2006-05-04 10:17:10 UTC
indeed ... in this case, optimization just happens to trigger the issue more often ... not an uncommon scenario
Comment 9 Robert Trace 2006-05-04 22:08:53 UTC
Whoops.. I had a chance to actually look at the original patch and it's got a flaw in it (it restructured the if-else flow, but it did it wrong).

I'll attach my original fix which preserves the original intent of the code (and fixes the buffer problem).

It feels like this flow could be cleaned up a bit, but correctness first, beauty later.
Comment 10 Robert Trace 2006-05-04 22:10:15 UTC
Created attachment 86184 [details, diff]
stack variable used before init (updated)

Alternate implementation of fix that properly preserves if-else flow.
Comment 11 Fernando J. Pereda (RETIRED) gentoo-dev 2006-05-06 05:45:56 UTC
Thanks guys, fixed in -r2 and -r31.

- ferdy
Comment 12 Xuefer 2006-05-06 20:13:56 UTC
You're right, the fix was wrong. I wanted to kill duplicate code but didn't notice the "else" before "if(gecos)".

char *from_format(....)
{
    char buf[(BUF_SZ + 1)];

    if (override_from && minus_f) {
       str = append_domain(minus_f);
       ..sprintf...;
    }
    else if (gecos) {
       ..sprintf...;
    }
    else {
       ..sprintf...;
    }
}
I do think the bad flow IS the reason the author made the mistake. Although you fixed it with as small a patch as possible, I still recommend killing the duplicate code and using a clearer flow.

Thank you for fixing this bug, anyway.
Comment 13 Xuefer 2006-05-06 20:15:08 UTC
to be clear:
"the fix was wrong" => "my fix was wrong".
Comment 14 Tuan Van (RETIRED) gentoo-dev 2006-05-13 21:32:53 UTC
*** Bug 131192 has been marked as a duplicate of this bug. ***
Comment 15 Carl Michal 2006-09-12 10:39:27 UTC
Could one of the versions with the fix be stabilized?  I just hit this bug with gcc-4.1
Comment 16 Andrej Kacian (RETIRED) gentoo-dev 2006-09-22 05:15:04 UTC
CCing arches.

Please test and stabilize version mentioned in summary, as it fixes config file parsing. It's been in portage since May.

Target keywords:
KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"

Thanks!
Comment 17 Markus Rothe (RETIRED) gentoo-dev 2006-09-22 05:42:16 UTC
ppc64 stable
Comment 18 Christoph Mende (RETIRED) gentoo-dev 2006-09-22 07:27:18 UTC
- emerges fine on amd64
- passes collision-test
- passes multilib-strict
- works

Portage 2.1.1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-ck1-r3 x86_64)
=================================================================
System uname: 2.6.17-ck1-r3 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.12.5
Last Sync: Fri, 22 Sep 2006 11:20:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.29
dev-lang/python:     2.4.3-r3
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ "
LANG="en_US.ISO8859-1"
LC_ALL="en_US.ISO8859-1"
LINGUAS=""
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/overlay"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="amd64 X a52 aac acpi alsa amr avi berkdb bitmap-fonts branding bzip2 cairo cdinstall cdparanoia cdr cli crypt cups dbus divx dlloader dri dvd dvdr dvdread elibc_glibc emboss encode expat fam firefox fortran gdbm gif glut gnutls gpm gstreamer gtk gtk2 hal imagemagick input_devices_evdev input_devices_keyboard isdnlog jpeg kernel_linux lcms ldap libg++ lirc lirc_devices_inputlirc logrotate mad mikmod mng mp3 mpeg musicbrainz ncurses nls nptl nptlonly offensive ogg opengl pam pcre pdflib php png ppds pppd quicktime readline reflection reiserfs rtc sdl session socks5 spl ssl svg symlink tcpd tiff truetype truetype-fonts type1-fonts udev unicode userland_GNU userlocales v4l v4l2 video_cards_fglrx vim-with-x vorbis wmp x264 xfs xine xinerama xml xorg xv xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS
Comment 19 Christian Faulhammer (RETIRED) gentoo-dev 2006-09-22 11:32:31 UTC
1) emerges fine
2) passes collision test
3) seems to work

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.12.5
Last Sync: Fri, 22 Sep 2006 05:50:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.2.11-r1
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa arts artworkextra asf audiofile bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript jikes jpeg jpeg2k kernel_linux ldap leim libg++ linguas_de lm_sensors mad maildir matroska mbox mhash mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print python qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 20 Chris Gianelloni (RETIRED) gentoo-dev 2006-09-22 11:56:10 UTC
x86/amd64 done
Comment 21 Lars Weiler (RETIRED) gentoo-dev 2006-09-24 04:21:58 UTC
ppc done
Comment 22 Gustavo Zacarias (RETIRED) gentoo-dev 2006-09-26 13:11:36 UTC
sparc stable.
Comment 23 Jeroen Roovers (RETIRED) gentoo-dev 2006-10-01 08:08:08 UTC
HPPA done!
Comment 24 Fernando J. Pereda (RETIRED) gentoo-dev 2006-10-11 18:30:32 UTC
Alpha done.
Comment 25 Alexander Færøy 2006-12-04 11:25:24 UTC
Stable on MIPS.