
Bug 607894

Summary: <app-misc/pax-utils-1.2.3: dumpelf: multiple divide-by-zero with corrupt section headers
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: slyfox, toolchain
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 608766
Bug Blocks:

Description Agostino Sarubbo gentoo-dev 2017-02-01 09:31:45 UTC
This was privately disclosed to vapier, who invited me to file a bug here.

I found multiple FPEs in dumpelf.
Since I cannot obtain a valid asan/gdb trace, it is not clear to me whether this is just one issue with duplicates or not.

All issues are reproducible with "dumpelf $FILE"

1)
FPE on unknown address 0x00000051ca65 (pc 0x00000051ca65 bp 0x7ffc31bb6f80 sp 0x7ffc31bb6e40 T0)

Reproducer:
https://github.com/asarubbo/poc/blob/master/00137-pax-utils-dumpelf-fpe1


2)
FPE on unknown address 0x00000051d335 (pc 0x00000051d335 bp 0x7ffc17babf80 sp 0x7ffc17babe40 T0)

Reproducer:
https://github.com/asarubbo/poc/blob/master/00138-pax-utils-dumpelf-fpe2


3)
FPE on unknown address 0x00000051db76 (pc 0x00000051db76 bp 0x7ffdf90fff80 sp 0x7ffdf90ffe40 T0)

Reproducer:
https://github.com/asarubbo/poc/blob/master/00139-pax-utils-dumpelf-fpe3


If you need something else feel free to ask.
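The report identifies the bug class (a divide-by-zero reached through corrupt section headers) but does not show which divisions the fix commit guards, so the following is an added illustration and not pax-utils code. It walks the ELF64 section header table of an in-memory image, first checking that e_shoff/e_shentsize/e_shnum keep the table inside the buffer, then rejecting any table section whose sh_entsize is zero or does not divide sh_size before computing the record count. Computing sh_size / sh_entsize unconditionally is the kind of division that raises SIGFPE on such a header. The struct layouts mirror Elf64_Ehdr and Elf64_Shdr from <elf.h>; the sample image is constructed inside the block and is not one of the reproducers linked above. Function names (safe_entry_count, locate_shdrs, count_corrupt_sections, build_sample, scan_sample) are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Field layouts matching Elf64_Ehdr / Elf64_Shdr from <elf.h> (64 bytes each). */
typedef struct {
    uint8_t  e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_shentsize, e_shnum, e_shstrndx;
} ehdr64_t;

typedef struct {
    uint32_t sh_name, sh_type;
    uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info;
    uint64_t sh_addralign, sh_entsize;
} shdr64_t;

#define SHT_SYMTAB 2

/* Number of fixed-size records in a table section, or -1 if the header is corrupt.
   Dividing sh_size by sh_entsize without the first check raises SIGFPE when a
   crafted file sets sh_entsize to 0. */
long safe_entry_count(const shdr64_t *sh)
{
    if (sh->sh_entsize == 0)               return -1; /* division by zero */
    if (sh->sh_size % sh->sh_entsize != 0) return -1; /* truncated last record */
    return (long)(sh->sh_size / sh->sh_entsize);
}

/* Convenience wrapper so the check can be exercised with plain numbers. */
long entry_count_for(uint64_t size, uint64_t entsize)
{
    shdr64_t sh = {0};
    sh.sh_size = size;
    sh.sh_entsize = entsize;
    return safe_entry_count(&sh);
}

/* Locate the section header table and confirm it lies inside the image.
   Returns the number of headers, or -1 if the ELF header is unusable. */
long locate_shdrs(const uint8_t *buf, size_t len, size_t *table_off)
{
    ehdr64_t eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);                 /* memcpy avoids unaligned access */
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0) return -1;
    if (eh.e_shentsize != sizeof(shdr64_t)) return -1;
    if (eh.e_shnum == 0) return 0;
    /* overflow-safe form of: e_shoff + e_shnum * e_shentsize <= len */
    uint64_t need = (uint64_t)eh.e_shnum * eh.e_shentsize;
    if (eh.e_shoff > len || need > len - eh.e_shoff) return -1;
    *table_off = (size_t)eh.e_shoff;
    return eh.e_shnum;
}

/* Count symbol-table sections whose entry size would make a dumper crash.
   Returns -1 if the section header table itself does not fit in the buffer. */
int count_corrupt_sections(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long n = locate_shdrs(buf, len, &off);
    if (n < 0) return -1;
    int corrupt = 0;
    for (long i = 0; i < n; i++) {
        shdr64_t sh;
        memcpy(&sh, buf + off + (size_t)i * sizeof sh, sizeof sh);
        if (sh.sh_type != SHT_SYMTAB) continue;
        if (safe_entry_count(&sh) < 0) corrupt++;
    }
    return corrupt;
}

/* Constructed sample image (not a file from the bug): ELF header plus the null
   section, a well-formed symbol table (72 / 24 = 3 symbols) and a symbol table
   whose sh_entsize has been zeroed. Returns the image length (256). */
size_t build_sample(uint8_t *buf)
{
    ehdr64_t eh = {0};
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2;                           /* ELFCLASS64 */
    eh.e_shoff = sizeof eh;
    eh.e_ehsize = sizeof eh;
    eh.e_shentsize = sizeof(shdr64_t);
    eh.e_shnum = 3;
    memcpy(buf, &eh, sizeof eh);

    shdr64_t sh[3] = {{0}};
    sh[1].sh_type = SHT_SYMTAB; sh[1].sh_size = 72; sh[1].sh_entsize = 24;
    sh[2].sh_type = SHT_SYMTAB; sh[2].sh_size = 72; sh[2].sh_entsize = 0;
    memcpy(buf + sizeof eh, sh, sizeof sh);
    return sizeof eh + sizeof sh;
}

/* Build the sample and scan it as if the file were truncated to `limit` bytes. */
int scan_sample(size_t limit)
{
    uint8_t buf[256];
    size_t len = build_sample(buf);
    return count_corrupt_sections(buf, limit < len ? limit : len);
}

int main(void)
{
    printf("corrupt table sections in sample: %d\n", scan_sample(256));
    return 0;
}
```

The bounds check in locate_shdrs matters as much as the entsize check: a dumper that trusts e_shnum and e_shoff reads section headers from outside the mapped file before it ever reaches the division.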
Comment 1 SpanKY gentoo-dev 2017-02-01 23:08:50 UTC
should be fixed here:
https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4609f57a690b4a5670baeb93167dab5300d07d4e

not planning on doing an update right away since dumpelf is a programming tool that no one really runs directly
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-03-24 04:41:47 UTC
(In reply to SpanKY from comment #1)
> should be fixed here:
> https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4609f57a690b4a5670baeb93167dab5300d07d4e
> 
> not planning on doing an update right away since dumpelf is a programming
> tool that no one really runs directly

Vapier, just a tickler to see if you are ready for the bug now.
Comment 3 Doug Goldstein (RETIRED) gentoo-dev 2018-02-04 19:16:19 UTC
just to confirm,

git describe --tags 4609f57a690b4a5670baeb93167dab5300d07d4e
v1.2.2-1-g4609f57
Comment 4 Doug Goldstein (RETIRED) gentoo-dev 2018-03-11 05:31:56 UTC
Fixed with app-misc/pax-utils-1.2.3 and newer.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2018-04-08 13:11:33 UTC
GLSA Vote: No