Description of problem: When trying to put a file onto server, a buffer overflow occours. Version-Release number of selected component (if applicable): tftp-5.0-6 x64 How reproducible: Every time. Steps to Reproduce: 1.Install tftp package with urpmi on x64 platform: "urpmi tftp" 2.Run tftp program, i.e. "tftp" 3.Set mode to binary: "mode binary" 4.Try to put some file onto server (i.e. I tried to put a Edimax router image file onto router): "put EdiEngEW7209APg_1.28.bin" The tftp program aborts itself as follows: [root@acer Edimax]# tftp -m binary 192.168.1.6 -c put EdiEngEW7209APg_1.28.bin *** buffer overflow detected ***: tftp terminated ======= Backtrace: ========= /lib64/libc.so.6(__fortify_fail+0x37)[0x7fdc14f65b27] /lib64/libc.so.6(+0xeda80)[0x7fdc14f63a80] tftp[0x401611] tftp[0x401bf7] tftp[0x403f74] /lib64/libc.so.6(__libc_start_main+0xfd)[0x7fdc14e94c3d] tftp[0x401489] ======= Memory map: ======== 00400000-00407000 r-xp 00000000 08:06 31047 /usr/bin/tftp 00606000-00607000 rw-p 00006000 08:06 31047 /usr/bin/tftp 00607000-00627000 rw-p 00000000 00:00 0 01327000-01348000 rw-p 00000000 00:00 0 [heap] 7fdc14c61000-7fdc14c76000 r-xp 00000000 08:06 520317 /lib64/libgcc_s-4.5.2.so.1 7fdc14c76000-7fdc14e75000 ---p 00015000 08:06 520317 /lib64/libgcc_s-4.5.2.so.1 7fdc14e75000-7fdc14e76000 rw-p 00014000 08:06 520317 /lib64/libgcc_s-4.5.2.so.1 7fdc14e76000-7fdc14fde000 r-xp 00000000 08:06 520210 /lib64/libc-2.12.1.so 7fdc14fde000-7fdc151dd000 ---p 00168000 08:06 520210 /lib64/libc-2.12.1.so 7fdc151dd000-7fdc151e1000 r--p 00167000 08:06 520210 /lib64/libc-2.12.1.so 7fdc151e1000-7fdc151e2000 rw-p 0016b000 08:06 520210 /lib64/libc-2.12.1.so 7fdc151e2000-7fdc151e7000 rw-p 00000000 00:00 0 7fdc151e7000-7fdc15204000 r-xp 00000000 08:06 520203 /lib64/ld-2.12.1.so 7fdc153b1000-7fdc153e6000 r--s 00000000 08:06 666808 /var/db/nscd/services 7fdc153e6000-7fdc153e9000 rw-p 00000000 00:00 0 7fdc15401000-7fdc15403000 rw-p 00000000 00:00 0 7fdc15403000-7fdc15404000 r--p 0001c000 08:06 520203 /lib64/ld-2.12.1.so 7fdc15404000-7fdc15405000 rw-p 0001d000 08:06 520203 /lib64/ld-2.12.1.so 7fdc15405000-7fdc15406000 rw-p 00000000 00:00 0 7fff843d1000-7fff843f2000 rw-p 00000000 00:00 0 [stack] 7fff843ff000-7fff84400000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Abortado
CC: (none) => lists.jjorgeAssignee: bugsquad => lists.jjorge
Fedora has a patch to fix that, I am applying it.
Status: NEW => ASSIGNED
5.1 version in Cauldron fixes that. 5.0 version in Mageia 1 has the same problem, so I only applied the patch. Qa Team, please test with this command : tftp -m binary localhost -c put one_file It should not crash anymore with tftp-5.0-7.1.
Assignee: lists.jjorge => qa-bugs
Testing complete on i586 for the srpm tftp-5.0-7.1.mga1.src.rpm I confirmed that the core release version crashed with a buffer overflow. I also installed tftp-server, and added "-c -p" to the options in /etc/xinetd.d/tftp. (restart the service xinetd after changing), I also changed the owner of the /var/lib/tftpboot directory to nobody, so that the server could write to it. Note that the tftp-server will normally only be used to provide files, in it's default configuration, so these are not config problems for the server. Before the server was set up, the tftp command would timeout. With it installed/setup, the upload works.
CC: (none) => davidwhodgins
Tested OK x86_64 using Dave's procedure. Update validated Advisory ----------------- This update to tftp corrects a crash due to a buffer overflow when putting a binary file onto a server. Mageia Bug: https://bugs.mageia.org/show_bug.cgi?id=1816 ----------------- SRPM: tftp-5.0-7.1.mga1.src.rpm Could sysadmin please push from core/updates testing to core/updates Thankyou!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Hardware: x86_64 => All
Version: Cauldron => 1
Update pushed.
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED