Summary: | net-misc/mmsclient removal (was net-misc/mmsclient-0.0.3-r1: buffer overflow accessing url) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Streibelt <gentoo> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | gengor, maintainer-needed, Martin.vGagern, treecleaner, truedfx |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Florian Streibelt
2009-09-13 10:58:42 UTC
I just recompiled the source manually and I get:

    In function 'read',
        inlined from 'main' at client.c:575:
    /usr/include/bits/unistd.h:43: warning: call to '__read_chk_warn' declared with attribute warning: read called with bigger length than size of the destination buffer
    In function 'read',
        inlined from 'main' at client.c:586:
    /usr/include/bits/unistd.h:43: warning: call to '__read_chk_warn' declared with attribute warning: read called with bigger length than size of the destination buffer
    gcc -g -ggdb -O2 -Wall -o mmsclient client.o

The reason for all this is in client.c:

     31 #define BUF_SIZE 102400
    [...]
    473 char data[1024];
    [...]
    575 len = read (s, data, BUF_SIZE) ;
    [...]
    586 len = read (s, data, BUF_SIZE) ;

I reported this back in March as bug #263413, but since I cannot make that bug public I won't mark this as a duplicate.

(In reply to comment #3)
> I reported this back in March as bug #263413, but since I cannot make that bug
> public I won't mark this as a duplicate.
>

ehrm - just to get that right - that's 6 months! As far as I see code execution is possible here?

I suggest removing that ebuild from the tree - the whole code looks just ... bad.

(In reply to comment #4)
> ehrm - just to get that right - that's 6 months!

I know.

> As far as I see code execution
> is possible here?

Code execution would have been possible for this buffer overflow, but gcc/glibc's patches to enable _FORTIFY_SOURCE by default prevent this. You can only get the program to abort, nothing else.

$URL in ebuild is not available anymore, and we have no maintainer. I'd say we remove this...

Masked for removal

    # Víctor Ostorga <vostorga@gentoo.org> (09 Nov 2009)
    # Last version bump in 2004, allows buffer overflow
    # Upstream not available
    net-misc/mmsclient

*** Bug 263413 has been marked as a duplicate of this bug. ***

Maybe try to provide mimms as a replacement:
http://savannah.nongnu.org/projects/mimms/
https://launchpad.net/mimms
It seems to have originated at mmsclient but has seen more recent activity, and probably provides more reliable infrastructure (homepage, bug tracker) as well.

If you really want it, you should write an ebuild and attach it. :)

(In reply to comment #10)
> If you really want it, you should write an ebuild and attach it. :)
>

…on a new ebuild request bug.

(In reply to comment #11)
> (In reply to comment #10)
> > If you really want it, you should write an ebuild and attach it. :)
>
> …on a new ebuild request bug.

…called bug #293650. :)

Removed from tree