Bug 351478

Summary: net-misc/curl-7.21.3 - buffer overflow detected during testsuite
Product: Gentoo Linux
Reporter: Ryan Hill (RETIRED) <rhill>
Component: [OLD] Library
Assignee: Dror Levin (RETIRED) <spatz>
Status: RESOLVED FIXED
Severity: normal
CC: dragonheart, kanelxake, patrick, steffen.bergner, tampakrap, zeekec
Priority: High
Keywords: InVCS
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 259417
Attachments: curl.overflow.log
             upstream fix

Description Ryan Hill (RETIRED) gentoo-dev 2011-01-12 20:34:52 UTC
test 282...OK (277 out of 585, remaining: 01:36)
test 283...*** buffer overflow detected ***: server/tftpd terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x367dee7c57]
/lib/libc.so.6[0x367dee5a70]
server/tftpd[0x404635]
server/tftpd[0x405c2f]
/lib/libc.so.6(__libc_start_main+0xfd)[0x367de1ecdd]
server/tftpd[0x401629]
======= Memory map: ========
00400000-00408000 r-xp 00000000 fe:05 264322                             /var/tmp/portage/net-misc/curl-7.21.3/work/curl-7.21.3/tests/server/tftpd
00607000-00608000 r--p 00007000 fe:05 264322                             /var/tmp/portage/net-misc/curl-7.21.3/work/curl-7.21.3/tests/server/tftpd
00608000-00609000 rw-p 00008000 fe:05 264322                             /var/tmp/portage/net-misc/curl-7.21.3/work/curl-7.21.3/tests/server/tftpd
0077b000-0079c000 rw-p 00000000 00:00 0                                  [heap]
367da00000-367da1e000 r-xp 00000000 08:03 29786                          /lib64/ld-2.12.2.so
367dc1d000-367dc1e000 r--p 0001d000 08:03 29786                          /lib64/ld-2.12.2.so
367dc1e000-367dc1f000 rw-p 0001e000 08:03 29786                          /lib64/ld-2.12.2.so
367dc1f000-367dc20000 rw-p 00000000 00:00 0 
367de00000-367df62000 r-xp 00000000 08:03 29801                          /lib64/libc-2.12.2.so
367df62000-367e162000 ---p 00162000 08:03 29801                          /lib64/libc-2.12.2.so
367e162000-367e166000 r--p 00162000 08:03 29801                          /lib64/libc-2.12.2.so
367e166000-367e167000 rw-p 00166000 08:03 29801                          /lib64/libc-2.12.2.so
367e167000-367e16c000 rw-p 00000000 00:00 0 
367e600000-367e618000 r-xp 00000000 08:03 30298                          /lib64/libpthread-2.12.2.so
367e618000-367e817000 ---p 00018000 08:03 30298                          /lib64/libpthread-2.12.2.so
367e817000-367e818000 r--p 00017000 08:03 30298                          /lib64/libpthread-2.12.2.so
367e818000-367e819000 rw-p 00018000 08:03 30298                          /lib64/libpthread-2.12.2.so
367e819000-367e81d000 rw-p 00000000 00:00 0 
367ea00000-367ea02000 r-xp 00000000 08:03 29857                          /lib64/libdl-2.12.2.so
367ea02000-367ec02000 ---p 00002000 08:03 29857                          /lib64/libdl-2.12.2.so
367ec02000-367ec03000 r--p 00002000 08:03 29857                          /lib64/libdl-2.12.2.so
367ec03000-367ec04000 rw-p 00003000 08:03 29857                          /lib64/libdl-2.12.2.so
367fa00000-367fa08000 r-xp 00000000 08:03 30326                          /lib64/librt-2.12.2.so
367fa08000-367fc07000 ---p 00008000 08:03 30326                          /lib64/librt-2.12.2.so
367fc07000-367fc08000 r--p 00007000 08:03 30326                          /lib64/librt-2.12.2.so
367fc08000-367fc09000 rw-p 00008000 08:03 30326                          /lib64/librt-2.12.2.so
3d1fe00000-3d1fe15000 r-xp 00000000 fe:00 269451                         /usr/lib64/gcc/x86_64-unknown-linux-gnu/4.5.2/libgcc_s.so.1
3d1fe15000-3d20014000 ---p 00015000 fe:00 269451                         /usr/lib64/gcc/x86_64-unknown-linux-gnu/4.5.2/libgcc_s.so.1
3d20014000-3d20015000 r--p 00014000 fe:00 269451                         /usr/lib64/gcc/x86_64-unknown-linux-gnu/4.5.2/libgcc_s.so.1
3d20015000-3d20016000 rw-p 00015000 fe:00 269451                         /usr/lib64/gcc/x86_64-unknown-linux-gnu/4.5.2/libgcc_s.so.1
7fe7834bb000-7fe7834ff000 rw-p 00000000 00:00 0 
7fe7834ff000-7fe78350e000 r-xp 00000000 fe:00 12772                      /usr/lib64/libsandbox.so
7fe78350e000-7fe78370e000 ---p 0000f000 fe:00 12772                      /usr/lib64/libsandbox.so
7fe78370e000-7fe78370f000 r--p 0000f000 fe:00 12772                      /usr/lib64/libsandbox.so
7fe78370f000-7fe783710000 rw-p 00010000 fe:00 12772                      /usr/lib64/libsandbox.so
7fe783710000-7fe783741000 rw-p 00000000 00:00 0 
7fff402cc000-7fff402f0000 rw-p 00000000 00:00 0                          [stack]
7fff403ff000-7fff40400000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Portage 2.2.0_alpha15 (default/linux/amd64/10.0/developer, gcc-4.5.2, glibc-2.12.2-r0, 2.6.36-gentoo-r6 x86_64)
=================================================================
System uname: Linux-2.6.36-gentoo-r6-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T9300_@_2.50GHz-with-gentoo-2.0.1
Timestamp of tree: Wed, 12 Jan 2011 20:00:24 +0000
ccache version 3.1.4 [enabled]
app-shells/bash:     4.1_p9
dev-java/java-config: 2.1.11-r3
dev-lang/python:     2.5.4-r4, 2.6.6-r1, 2.7.1, 3.1.3
dev-util/ccache:     3.1.4
dev-util/cmake:      2.8.3-r1
sys-apps/baselayout: 2.0.1-r1
sys-apps/openrc:     0.6.8
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13, 2.68
sys-devel/automake:  1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.21
sys-devel/gcc:       4.1.2, 4.3.5::dirtyepic, 4.4.5, 4.4.6_pre9999::toolchain, 4.5.2, 4.5.3_pre9999::toolchain, 4.6.0_pre9999::toolchain
sys-devel/gcc-config: 1.5::halo-overlay
sys-devel/libtool:   2.4-r1
sys-devel/make:      3.82
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
Repositories: gentoo halo-overlay dirtyepic gcc-porting toolchain
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-unknown-linux-gnu"
CFLAGS="-O2 -march=native -pipe -ftree-vectorize"
CHOST="x86_64-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=native -pipe -ftree-vectorize"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=y"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms sign split-log splitdebug strict test test-fail-continue unknown-features-warn unmerge-orphans userfetch userpriv usersandbox usersync"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distfiles.gentoo.org/"
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
LDFLAGS="-Wl,--hash-style=gnu -Wl,-O1 -Wl,--as-needed"
LINGUAS="en en_US"
MAKEOPTS="-j4 V=1"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/home/dirtyepic/overlay /home/dirtyepic/svn/dirtyepic /home/dirtyepic/svn/gcc-porting /home/dirtyepic/svn/toolchain"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi akonadi alsa amd64 archive ass autotrace avahi bash-completion berkdb bonjour bs2b bzip2 cairo ccache cdaudio cdda cddb cdio cdr cli consolekit cracklib crypt cscope css curl custom-optimization cvs cxx dbus device-mapper dirac disk-partition djvu dri dts dvd dvdnav dvdr emboss emf enca encode exif expat faac faad fam ffmpeg fftw firefox firefox3 flac fontconfig fts3 gdbm gif git gmp gmplayer gold graphite graphviz gstreamer gtk gui guidexml iconv icu id3tag imap inotify jadetex java jpeg jpeg2k kde kdehiddenvisibility kipi lame laptop lastfm lastfmradio libburn libmms libnotify lightning lzma mad maildir mdnsresponder-compat mmap mmx mmxext mng modules mp2 mp3 mp4 mpeg mplayer multilib musicbrainz natspec ncurses network-cron nntp nptl nptlonly nsplugin ogg opengl openmp openssl opensync optimized-qmake osdmenu pam pango pcre pdf phonon pic pixbuf plotutils png policykit ppds pppd qt3support qt4 quicktime rar readline replytolist rtc schroedinger scrobbler session shm smp snmp sound sox spell sse sse2 sse3 ssl ssse3 startup-notification subversion svg sysfs taglib tcpd theora threads threadsafe thumbnail tiff tremor truetype udev unicode urandom usb utempter vim-syntax vim-with-x visibility vorbis wicd wifi wma wmf wxwidgets wxwindows x264 xattr xcb xcomposite xft xml xmlpatterns xmp xorg xulrunner xv xvid xvmc zip zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack 
vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
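The `__fortify_fail` frame in the backtrace above is glibc's `_FORTIFY_SOURCE` check aborting the tftpd test server when a bounded libc call is asked to write past the buffer it was given, so the test run fails loudly instead of corrupting memory silently. As an added example, not code from curl or from the fix attached to this bug, here is a length-checked parser for the request packet a TFTP server receives (RFC 1350: 2-byte opcode, NUL-terminated filename, NUL-terminated mode). It refuses an over-long or unterminated field rather than copying it into a fixed-size buffer; the field limits and the three sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field limits are constructed for this example, not curl's own values. */
#define TFTP_OP_RRQ    1
#define TFTP_OP_WRQ    2
#define TFTP_NAME_MAX  64
#define TFTP_MODE_MAX  16

struct tftp_req {
    uint16_t opcode;
    char filename[TFTP_NAME_MAX];
    char mode[TFTP_MODE_MAX];
};

/* Copy the NUL-terminated field starting at pkt[*pos] into dst.
 * Fails (-1) if the terminator is missing within len bytes or the field
 * plus its terminator would not fit in dst; otherwise advances *pos past
 * the terminator and returns 0. Nothing is written on failure. */
static int take_field(const uint8_t *pkt, size_t len, size_t *pos,
                      char *dst, size_t dstsz)
{
    const uint8_t *start = pkt + *pos;
    const uint8_t *nul = memchr(start, 0, len - *pos);
    if (nul == NULL)
        return -1;                  /* unterminated field */
    size_t n = (size_t)(nul - start);
    if (n >= dstsz)
        return -1;                  /* too long: reject instead of overflowing */
    memcpy(dst, start, n);
    dst[n] = '\0';
    *pos += n + 1;
    return 0;
}

/* Parse an RRQ/WRQ packet (RFC 1350 section 5): opcode, filename, mode.
 * Returns 0 and fills *out on success, -1 on any malformed input. */
int tftp_parse_request(const uint8_t *pkt, size_t len, struct tftp_req *out)
{
    if (len < 4)                    /* opcode plus at least two terminators */
        return -1;
    uint16_t op = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (op != TFTP_OP_RRQ && op != TFTP_OP_WRQ)
        return -1;
    size_t pos = 2;
    if (take_field(pkt, len, &pos, out->filename, sizeof out->filename) != 0)
        return -1;
    if (take_field(pkt, len, &pos, out->mode, sizeof out->mode) != 0)
        return -1;
    out->opcode = op;
    return 0;
}

/* --- Constructed sample packets for demonstration (not captured traffic) --- */

/* Well-formed RRQ for "file.txt" in octet mode: returns 0 when every field parses. */
int demo_ok(void)
{
    static const uint8_t pkt[] = { 0, 1, 'f','i','l','e','.','t','x','t', 0,
                                   'o','c','t','e','t', 0 };
    struct tftp_req r;
    if (tftp_parse_request(pkt, sizeof pkt, &r) != 0) return 1;
    if (r.opcode != TFTP_OP_RRQ) return 2;
    if (strcmp(r.filename, "file.txt") != 0) return 3;
    if (strcmp(r.mode, "octet") != 0) return 4;
    return 0;
}

/* 200-byte filename, longer than TFTP_NAME_MAX: the parser must refuse it. */
int demo_too_long(void)
{
    uint8_t pkt[2 + 200 + 1 + 6];
    pkt[0] = 0; pkt[1] = TFTP_OP_RRQ;
    memset(pkt + 2, 'A', 200);
    pkt[202] = 0;
    memcpy(pkt + 203, "octet", 6);
    struct tftp_req r;
    return tftp_parse_request(pkt, sizeof pkt, &r);
}

/* Mode field with no terminating NUL: must be rejected, not read past the end. */
int demo_unterminated(void)
{
    static const uint8_t pkt[] = { 0, 1, 'a', 0, 'o','c','t','e','t' };
    struct tftp_req r;
    return tftp_parse_request(pkt, sizeof pkt, &r);
}

int main(void)
{
    printf("well-formed: %d, too long: %d, unterminated: %d\n",
           demo_ok(), demo_too_long(), demo_unterminated());
    return 0;
}
```

The point of the two rejecting cases is that the length check happens before any byte is copied; a copy helper that trusts the sender's terminator is exactly the kind of call `_FORTIFY_SOURCE` has to catch at runtime.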
Comment 1 Ryan Hill (RETIRED) gentoo-dev 2011-01-12 20:37:50 UTC
Created attachment 259652 [details]
curl.overflow.log

I love wordwrap.
Comment 2 Xake 2011-01-17 13:37:55 UTC
Created attachment 260047 [details, diff]
upstream fix

upstream fixed this with the following commit:
https://github.com/bagder/curl/commit/1df74d886d764115944d40fbc79bfd51ec7d714a
Comment 3 Dror Levin (RETIRED) gentoo-dev 2011-01-17 17:51:21 UTC
Thanks for the patch. Does the testsuite pass with it, or are there more problems? If it does I'll include it, otherwise I'll just wait for the next release.
Comment 4 Xake 2011-01-17 18:49:06 UTC
Of all the test failures only test 555 is not fixed (not related to tftpd), but it seems unstable anyway on my system (sometimes passes, sometimes not) so it may be my setup. Someone else has to test to confirm.
Comment 5 Theo Chatzimichos (RETIRED) archtester gentoo-dev Security 2011-01-28 07:42:52 UTC
The patch worked here; all tests passed afterwards.
Comment 6 Steffen Bergner 2011-02-17 13:07:07 UTC
Kindly asked: When will it be official?
Comment 7 Tomáš Chvátal (RETIRED) gentoo-dev 2011-02-19 17:23:05 UTC
Fixed in 7.21.3-r1.
Comment 8 Steffen Bergner 2011-02-21 16:03:05 UTC
Result:

Calculating dependencies... done!
[ebuild   R   ] net-misc/curl-7.21.4  USE="ldap ssl test threads -ares -gnutls -idn -ipv6 -kerberos -libssh2 -nss -static-libs" 0 kB

Thank you!