Package: socat
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu noble ubuntu-patch

Dear Maintainer,

A buffer overrun in msg2() was observed when executing the HOSTNAMEOVFL
test:

https://launchpadlibrarian.net/704617807/buildlog_ubuntu-noble-ppc64el.socat_1.8.0.0-3_BUILDING.txt.gz

  * Fix memory overflow (LP: #2048408)
    d/p/error.c-buffer-overflow-in-msg2.patch

Thanks for considering the patch.

Best regards

Heinrich
diff -Nru socat-1.8.0.0/debian/patches/error.c-buffer-overflow-in-msg2.patch 
socat-1.8.0.0/debian/patches/error.c-buffer-overflow-in-msg2.patch
--- socat-1.8.0.0/debian/patches/error.c-buffer-overflow-in-msg2.patch  
1970-01-01 01:00:00.000000000 +0100
+++ socat-1.8.0.0/debian/patches/error.c-buffer-overflow-in-msg2.patch  
2024-01-06 00:03:50.000000000 +0100
@@ -0,0 +1,35 @@
+From: Heinrich Schuchardt <[email protected]>
+Date: Fri, 5 Jan 2024 21:20:26 +0000
+Subject: [PATCH 1/1] error.c: buffer overflow in msg2()
+
+A buffer overrun in msg2() was observed when executing the HOSTNAMEOVFL
+test.
+
+If strncpy() truncates a string it does not append a terminating NUL
+character. Insert a NUL character after the destination area.
+This ensures that strchr() will stop at the end of the string.
+
+Fixes: 9be423ceea3c ("Improved handling of very long host or program names, or 
no strftime")
+Signed-off-by: Heinrich Schuchardt <[email protected]>
+
+Forwarded: yes
+Last-Update: 2024-01-05
+---
+ error.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/error.c b/error.c
+index d0a2a9e..3435046 100644
+--- a/error.c
++++ b/error.c
+@@ -404,6 +404,7 @@ void msg2(
+    if (bufp < buff+MSGLEN)
+       *bufp++ = ' ';
+    strncpy(bufp, text, MSGLEN-(bufp-buff));
++   bufp[MSGLEN-(bufp-buff)] = 0;
+    bufp = strchr(bufp, '\0');
+    strcpy(bufp, "\n");
+    _msg(level, buff, syslp);
+-- 
+2.43.0
+
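Review bot: in the error.c hunk, the added `bufp[MSGLEN-(bufp-buff)] = 0;` always resolves to `buff[MSGLEN]`, and the declaration of `buff` is not in the context shown, so the patch does not show that this index is inside the array. When `text` fills the remaining space, `strchr()` then returns `buff+MSGLEN` and `strcpy(bufp, "\n")` writes the newline at `buff[MSGLEN]` and its NUL at `buff[MSGLEN+1]`. Please confirm `buff` is at least MSGLEN+2 bytes, or reduce the `strncpy()` length so that both the newline and the terminator fit. Writing the store as `buff[MSGLEN] = 0;` would make the target obvious to the reader. Separately, the guard `if (bufp < buff+MSGLEN)` implies `bufp` can already be at the limit on entry to these lines. If it can ever be past it, `MSGLEN-(bufp-buff)` becomes negative and converts to a very large `size_t` in `strncpy()`, so either clamp the length or say in the commit message why that cannot happen.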
diff -Nru socat-1.8.0.0/debian/patches/series 
socat-1.8.0.0/debian/patches/series
--- socat-1.8.0.0/debian/patches/series 2023-12-21 13:58:31.000000000 +0100
+++ socat-1.8.0.0/debian/patches/series 2024-01-06 00:04:02.000000000 +0100
@@ -5,3 +5,4 @@
 07-compat-define-PATH_MAX.patch
 08-test.sh-fixes.patch
 09-xioinitialize.c.patch
+error.c-buffer-overflow-in-msg2.patch
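Review bot: the new series entry has no numeric prefix, while the three context entries above it are named 07-, 08- and 09-. Consider a name that follows the same scheme (for example a 10- prefix) so the apply order stays visible from the file names. The changelog line referencing d/p/error.c-buffer-overflow-in-msg2.patch would need the same rename.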
