+++ This bug was initially created as a clone of Bug #1084 +++

Description of problem:
slirpvde crash after buffer overflow

*** buffer overflow detected ***: slirpvde terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f54b6bbeb27]
/lib64/libc.so.6(+0xeda80)[0x7f54b6bbca80]
/lib64/libc.so.6(+0xee0f7)[0x7f54b6bbd0f7]
slirpvde[0x40b237]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f54b6aedc3d]
slirpvde[0x401ae9]
======= Memory map: ========
Abandon

Version-Release number of selected component (if applicable):
2.2.2-5.mga1

How reproducible:

Steps to Reproduce:
1. launch slirpvde
Created attachment 572
minimal fix for crash

Patch attached. I have some small cleanups locally, but AFAIK they're not essential: license tag fix, README.mageia vs mandriva, better patch for Makefile.in.
CC: (none) => stewbintn
QA request: vde2-2.2.2-5.1.mga1 (+library)

Suggested procedure to test the bugfix:
1. in a terminal, run slirpvde and check if it aborts as described in this bug report
2. update using the packages in updates_testing
3. run slirpvde again and check that it now gives an error message:
"slirpvde: Could not connect to the VDE switch at '(null)': No such file or directory"
Assignee: cjw => qa-bugs
I've tested the i586 version in a Mageia 1 KDE clean installation, and confirm that before installing the update it terminated with a buffer overflow, while after installing the update it generates the "Could not connect" message.
CC: (none) => davidwhodgins
Yep, confirmed too on an x86_64 version: first the overflow, then "slirpvde: Could not connect to the VDE switch at '(null)': No such file or directory".
Can someone on the sysadmin team push the packages vde2 libvde-devel libvde2 from Core Updates Testing to Core Updates please.
Do you have an advisory text for this update, and maybe some CVE numbers?
CC: (none) => boklm
This is a simple bugfix, not a security issue, so no CVE numbers or advisory text.

Update description:
The slirpvde utility from the vde2 package in Mageia 1 contains a bug that triggers a runtime security check and aborts execution of the program. This update fixes that "crash".
Packages pushed to updates.
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
CC: boklm => (none)