Bug 1678

Summary: buffer overflow on slirpvde
Product: Mageia Reporter: Christiaan Welvaart <cjw>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: alkahan, davidwhodgins, stewbintn
Version: 1   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: vde2 CVE:
Status comment:
Bug Depends on: 1084    
Bug Blocks:    
Attachments: minimal fix for crash

Description Christiaan Welvaart 2011-06-08 00:17:46 CEST 
+++ This bug was initially created as a clone of Bug #1084 +++

Description of problem:
slirpvde crash after buffer overflow


*** buffer overflow detected ***: slirpvde terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f54b6bbeb27]
/lib64/libc.so.6(+0xeda80)[0x7f54b6bbca80]
/lib64/libc.so.6(+0xee0f7)[0x7f54b6bbd0f7]
slirpvde[0x40b237]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f54b6aedc3d]
slirpvde[0x401ae9]
======= Memory map: ========
00400000-0040f000 r-xp 00000000 08:01 821745                             /usr/bin/slirpvde
0060e000-0060f000 r--p 0000e000 08:01 821745                             /usr/bin/slirpvde
0060f000-00610000 rw-p 0000f000 08:01 821745                             /usr/bin/slirpvde
00610000-00611000 rw-p 00000000 00:00 0 
01a6d000-01a8e000 rw-p 00000000 00:00 0                                  [heap]
7f54b68ba000-7f54b68cf000 r-xp 00000000 08:01 1975123                    /lib64/libgcc_s-4.5.2.so.1
7f54b68cf000-7f54b6ace000 ---p 00015000 08:01 1975123                    /lib64/libgcc_s-4.5.2.so.1
7f54b6ace000-7f54b6acf000 rw-p 00014000 08:01 1975123                    /lib64/libgcc_s-4.5.2.so.1
7f54b6acf000-7f54b6c37000 r-xp 00000000 08:01 1966088                    /lib64/libc-2.12.1.so
7f54b6c37000-7f54b6e36000 ---p 00168000 08:01 1966088                    /lib64/libc-2.12.1.so
7f54b6e36000-7f54b6e3a000 r--p 00167000 08:01 1966088                    /lib64/libc-2.12.1.so
7f54b6e3a000-7f54b6e3b000 rw-p 0016b000 08:01 1966088                    /lib64/libc-2.12.1.so
7f54b6e3b000-7f54b6e40000 rw-p 00000000 00:00 0 
7f54b6e40000-7f54b6e44000 r-xp 00000000 08:01 815655                     /usr/lib64/libvdeplug.so.2.1.0
7f54b6e44000-7f54b7043000 ---p 00004000 08:01 815655                     /usr/lib64/libvdeplug.so.2.1.0
7f54b7043000-7f54b7044000 r--p 00003000 08:01 815655                     /usr/lib64/libvdeplug.so.2.1.0
7f54b7044000-7f54b7045000 rw-p 00004000 08:01 815655                     /usr/lib64/libvdeplug.so.2.1.0
7f54b7045000-7f54b7062000 r-xp 00000000 08:01 1966090                    /lib64/ld-2.12.1.so
7f54b723b000-7f54b723e000 rw-p 00000000 00:00 0 
7f54b7260000-7f54b7261000 rw-p 00000000 00:00 0 
7f54b7261000-7f54b7262000 r--p 0001c000 08:01 1966090                    /lib64/ld-2.12.1.so
7f54b7262000-7f54b7263000 rw-p 0001d000 08:01 1966090                    /lib64/ld-2.12.1.so
7f54b7263000-7f54b7264000 rw-p 00000000 00:00 0 
7fff4c2ab000-7fff4c2cc000 rw-p 00000000 00:00 0                          [stack]
7fff4c365000-7fff4c366000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Abandon



Version-Release number of selected component (if applicable):
2.2.2-5.mga1

How reproducible:



Steps to Reproduce:
1. launch slirpvde
Comment 1 Christiaan Welvaart 2011-06-15 13:37:20 CEST 
Created attachment 572 [details]
minimal fix for crash

patch attached, I have some small cleanups locally but AFAIK they're not essential: license tag fix, README.mageia vs mandriva, better patch for Makefile.in
Stew Benedict 2011-06-15 15:52:13 CEST

CC: (none) => stewbintn

Comment 2 Christiaan Welvaart 2011-06-23 00:02:55 CEST 
QA request: vde2-2.2.2-5.1.mga1  (+library)

suggested procedure to test the bugfix: 
1. in a terminal, run slirpvde and check if it aborts as described in this bugreport
2. update using the packages in updates_testing
3. run slirpvde again and check that it now gives an error message:
  "slirpvde: Could not connect to the VDE switch at '(null)': No such file or directory"

Assignee: cjw => qa-bugs

Comment 3 Dave Hodgins 2011-06-23 02:18:34 CEST 
I've tested the i586 version in a Mageia 1 kde clean installation, and confirm
that before installing the update, it terminated with a buffer overflow, while
after installing the update it generates the "Could not connect" message.

CC: (none) => davidwhodgins

Comment 4 Manuel Hiebel 2011-06-30 01:27:16 CEST 
Yep comfirme too on a X86_64 version, first the overflow then 
slirpvde: Could not connect to the VDE switch at '(null)': No such file or directory
Comment 5 Dave Hodgins 2011-06-30 04:52:49 CEST 
Can someone on the sysadmin team push the packages
vde2
libvde-devel
libvde2
from Core Updates Testing to Core Updates please.
Comment 6 Nicolas Vigier 2011-06-30 14:49:07 CEST 
Do you have an advisory text for this update, and maybe some cve numbers ?

CC: (none) => boklm

Comment 7 Christiaan Welvaart 2011-06-30 15:38:47 CEST 
This is a simple bugfix not a security issue, so no cve numbers or advisory text.

Update description:

The slirpvde utility from the vde2 package in Mageia 1 contains a bug that triggers a runtime security check and aborts execution of the program. This update fixes that "crash".
Comment 8 Nicolas Vigier 2011-06-30 15:48:24 CEST 
Packages pushed to updates.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:05:08 CEST

CC: boklm => (none)