Bug 891995 - net-p2p/rtorrent-0.9.8-r1 buffer overflow detected
Summary: net-p2p/rtorrent-0.9.8-r1 buffer overflow detected
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: The Gentoo Linux Hardened Team
URL: https://github.com/rakshasa/rtorrent/...
Whiteboard:
Keywords: PATCH, PullRequest
Depends on: 911346
Blocks: 847148
Reported: 2023-01-25 09:45 UTC by Alex Efros
Modified: 2023-10-03 17:38 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Alex Efros 2023-01-25 09:45:02 UTC
After recompiling rtorrent using sys-devel/gcc-12.2.1_p20230121-r1 with USE=hardened, it starts crashing with "buffer overflow detected" if ~/.rtorrent.rc contains the session.path.set directive.

$ echo "session.path.set = $HOME/.rtorrent" > ~/.rtorrent.rc
$ mkdir ~/.rtorrent
$ rtorrent
*** buffer overflow detected ***: terminated
Aborted

When it was compiled using gcc-11.3.1_p20221209 (also with USE=hardened) this didn't happen.

Portage 3.0.43 (python 3.10.9-final-0, default/linux/amd64/17.1/hardened, gcc-12, glibc-2.36-r5, 5.15.88-gentoo x86_64)
=================================================================
System uname: Linux-5.15.88-gentoo-x86_64-AMD_Ryzen_9_5900X_12-Core_Processor-with-glibc2.36
KiB Mem:    32813192 total,  22411072 free
KiB Swap:   16776896 total,  16776896 free
Timestamp of repository gentoo: Wed, 25 Jan 2023 09:00:01 +0000
Head commit of repository gentoo: 7db8a0fcc25152b0f663520f85843dbb358cb94c
sh bash 5.1_p16-r2
ld GNU ld (Gentoo 2.39 p5) 2.39.0
ccache version 4.7.4 [enabled]
app-misc/pax-utils:        1.3.5::gentoo
app-shells/bash:           5.1_p16-r2::gentoo
dev-java/java-config:      2.3.1::gentoo
dev-lang/perl:             5.36.0-r1::gentoo
dev-lang/python:           3.9.16::gentoo, 3.10.9::gentoo, 3.11.1::gentoo
dev-lang/rust:             1.66.1::gentoo
dev-util/ccache:           4.7.4::gentoo
dev-util/cmake:            3.24.3::gentoo
dev-util/meson:            0.64.1::gentoo
sys-apps/baselayout:       2.9::gentoo
sys-apps/sandbox:          2.29::gentoo
sys-devel/autoconf:        2.13-r7::gentoo, 2.71-r5::gentoo
sys-devel/automake:        1.16.5::gentoo
sys-devel/binutils:        2.39-r4::gentoo
sys-devel/binutils-config: 5.4.1::gentoo
sys-devel/clang:           15.0.6-r1::gentoo
sys-devel/gcc:             12.2.1_p20230121-r1::gentoo
sys-devel/gcc-config:      2.8::gentoo
sys-devel/libtool:         2.4.7::gentoo
sys-devel/lld:             15.0.6::gentoo
sys-devel/llvm:            15.0.6-r1::gentoo
sys-devel/make:            4.3::gentoo
sys-kernel/linux-headers:  5.15-r3::gentoo (virtual/os-headers)
sys-libs/glibc:            2.36-r5::gentoo
sys-libs/libselinux:       3.4::gentoo
Installed sets: @esteam
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /service /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt /usr/share/i2p/scripts /usr/share/maven-bin-3.8/conf /var/log"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage-distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=y --autounmask --autounmask-write --alert=y"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=native -O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live ccache clean-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=native -O2 -pipe"
GENTOO_MIRRORS="http://mirror.leaseweb.com/gentoo/ http://mirrors.aliyun.com/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo"
LANG="ru_RU.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
LINGUAS="en ru ru_RU"
MAKEOPTS="-j24"
PKGDIR="/usr/portage-packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/zsh"
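The "*** buffer overflow detected ***" abort above is glibc's fortify check firing: a hardened gcc build replaces calls such as strcpy/snprintf into a buffer whose size the compiler can see with checked variants that terminate the process instead of corrupting memory. The following C illustration is added here and is not rtorrent's code, nor the fix in the linked PR; it shows the explicit bounds check that turns the same condition into an ordinary error return when building a path under a session directory (SESSION_PATH_MAX and the function names are constructed for the example).

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed limit for this illustration, not a value taken from rtorrent. */
#define SESSION_PATH_MAX 64

/* Join a session directory and a file name into out[outsz].  Returns false
 * instead of truncating or overflowing when the result would not fit.
 * snprintf returns the length the full string would have had, so comparing
 * that with outsz is the bounds check.  Passing outsz explicitly matters:
 * a fortified snprintf only knows the destination size when the compiler
 * can see the array at the call site (_FORTIFY_SOURCE=3 extends that to
 * some dynamically sized objects, but never to an arbitrary char *). */
bool build_session_path(const char *dir, const char *name,
                        char *out, size_t outsz)
{
    if (dir == NULL || name == NULL || out == NULL || outsz == 0)
        return false;
    /* Reject names that would leave the session directory. */
    if (name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return false;
    size_t dlen = strlen(dir);
    /* Avoid a doubled separator when dir already ends in '/'. */
    const char *sep = (dlen > 0 && dir[dlen - 1] == '/') ? "" : "/";
    int n = snprintf(out, outsz, "%s%s%s", dir, sep, name);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';      /* do not leave a partial path behind */
        return false;
    }
    return true;
}

/* Wrapper around a fixed stack buffer: this is the shape of code a
 * fortified build checks at run time, because sizeof buf is visible here.
 * An unchecked strcpy/strcat into buf would abort with the message seen in
 * the report; the explicit check above reports "does not fit" instead. */
bool session_path_fits(const char *dir, const char *name)
{
    char buf[SESSION_PATH_MAX];
    return build_session_path(dir, name, buf, sizeof buf);
}
```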
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-01-25 09:47:18 UTC
Thanks! Could you get a backtrace?
Comment 2 Alex Efros 2023-01-25 10:01:19 UTC
(In reply to Sam James from comment #1)
> See Also: https://github.com/rakshasa/rtorrent/pull/1169

This PR fixes the issue, thanks!
Comment 3 Larry the Git Cow gentoo-dev 2023-03-04 07:18:47 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee4985333e42e9794fb0f165a857e78af0f363d5

commit ee4985333e42e9794fb0f165a857e78af0f363d5
Author:     Stephen Shkardoon <ss23@ss23.geek.nz>
AuthorDate: 2023-02-27 15:34:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-04 07:18:15 +0000

    net-p2p/rtorrent: Resolve overflow issue on hardened build
    
    Closes: https://bugs.gentoo.org/891995
    Signed-off-by: Stephen Shkardoon <ss23@ss23.geek.nz>
    Closes: https://github.com/gentoo/gentoo/pull/29834
    Signed-off-by: Sam James <sam@gentoo.org>

 .../rtorrent/files/rtorrent-0.9.8-bgo891995.patch  | 27 ++++++++
 net-p2p/rtorrent/rtorrent-0.9.8-r2.ebuild          | 74 ++++++++++++++++++++++
 2 files changed, 101 insertions(+)