59604 – bittornado: python: stack smashing attack in function fast_function()

Bug 59604 - bittornado: python: stack smashing attack in function fast_function()

Summary: bittornado: python: stack smashing attack in function fast_function()

Status:	RESOLVED DUPLICATE of bug 50309

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo net-p2p team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-08-06 04:07 UTC by Adam Chodorowski
Modified:	2005-07-17 13:06 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adam Chodorowski 2004-08-06 04:07:50 UTC

When running btdownload* or btlaunchmany*, python dies with the following message just after or during checking existing file integrity:

  python: stack smashing attack in function fast_function()

Exact timing is somewhat random, sometimes it runs longer than other times. I'm running python 2.3.3-r1 and bittornado 0.3.4. Also tried with python 2.3.4, with the same result.

Trying with bittornado 0.3.7 gives somewhat different results. Now, it always seems to finish the entire file integrity check, and the abort happens when it starts connecting to peers. Also, the message is different:

  python: stack smashing attack in function call_function()

Note that this is similar to bug #59603 (bittorrent), so it's probably due to something in the shared codebase (AFAIR bittornado is derived from bittorrent). Perhaps this bug should also be filed against python; IMHO programs written in python shouldn't be able to trigger stack smashing in the interpreter.

Reproducible: Always
Steps to Reproduce:
1. btdownloadcurses.py something.torrent



Portage 2.0.50-r9 (hardened-x86-2004.0, gcc-3.3.3, glibc-2.3.3.20040420-r0,
2.6.7-hardened-r4)
=================================================================
System uname: 2.6.7-hardened-r4 i686 AMD Duron(tm) Processor
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon -O3 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=athlon -O3 -fomit-frame-pointer -pipe"
DISTDIR="/fs/ringhorne/gentoo/distfiles"
FEATURES="autoaddcvs ccache sandbox sfperms strict userpriv"
GENTOO_MIRRORS="http://trumpetti.atm.tut.fi/gentoo http://gentoo.linux.no
http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/fs/ringhorne/gentoo/portage"
PORTDIR_OVERLAY="/fs/ringhorne/gentoo/portage.local"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow alsa berkdb cdr crypt dvd encode gif hardened jpeg mmx ncurses nls
oggvorbis oss pam pic pie png quicktime readline rtc ssl tcpd tga theora tiff
truetype x86 zlib"

Comment 1 Jon Hood (RETIRED) gentoo-dev

2004-08-07 16:46:40 UTC


*** This bug has been marked as a duplicate of 50309 ***