[SRU] slirpvde buffer overflow

Bug #287109 reported by milambert
Affects          Status         Importance   Assigned to   Milestone
vde2 (Debian)    Fix Released   Undecided    Unassigned
vde2 (Ubuntu)    Fix Released   Undecided    Unassigned
  Intrepid       Fix Released   Undecided    Unassigned

Bug Description

slirpvde crashes consequently with a buffer overflow when being started.

== SRU request for intrepid: ==
Rationale:
slirpvde is currently not working at all.

Development version:
Already fixed in jaunty with the same patch as being proposed here.

How to reproduce:
Run slirpvde; it crashes with a detected buffer overflow. Using the patched version slirpvde doesn't crash and works.

Regression potential:
Insignificant. The patch only touches the slirpvde specific code; and slirpvde is non-working currently.

Alberto Bertogli (albertito) wrote :

The package is vde2, not vde.

I've also reproduced this bug on amd64, with package version 2.2.2-3.

Please let me know if you need any additional information/testing.

Thanks,
    Alberto

mariof (mario-flajslik) wrote :

Hey

I've run into the same issue on Ubuntu Intrepid...

I've fixed it by changing this line:
static char pidfile_path[_POSIX_PATH_MAX];

to:
static char pidfile_path[PATH_MAX];

because later on you use PATH_MAX to call getcwd(), and that's where the whole thing crashes.

on Intrepid _POSIX_PATH_MAX is 256, and PATH_MAX is 4096

Hope this helps...
Mario
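
The size mismatch described in the comment above, as an added example (not code from vde2 or from the commenter): the vulnerable pattern is kept as a comment, and the helper beside it passes getcwd() the real size of the buffer. The function name `make_pidfile_path` and the file name `slirpvde.pid` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* exposes PATH_MAX and _POSIX_PATH_MAX */
#endif
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Pattern described in the comment (left as a comment so nothing here overflows):
 *     static char pidfile_path[_POSIX_PATH_MAX];   declared size
 *     getcwd(pidfile_path, PATH_MAX);              claimed size
 * The claimed size is larger than the object, so a long working directory
 * would be written past the end of the array. */

/* Hypothetical helper: store "<cwd>/<name>" (or name itself when absolute)
 * in out without writing more than outlen bytes. Returns 0, or -1 on error. */
int make_pidfile_path(char *out, size_t outlen, const char *name)
{
    if (out == NULL || name == NULL || outlen == 0)
        return -1;
    if (name[0] == '/') {
        int n = snprintf(out, outlen, "%s", name);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }
    /* The length given to getcwd() is the caller's real buffer size. */
    if (getcwd(out, outlen) == NULL)
        return -1;                       /* ERANGE: cwd does not fit */
    size_t used = strlen(out);
    int n = snprintf(out + used, outlen - used, "%s%s",
                     used > 1 ? "/" : "", name);
    return (n < 0 || (size_t)n >= outlen - used) ? -1 : 0;
}

int main(void)
{
    static char pidfile_path[PATH_MAX];  /* same constant as the length below */

    printf("_POSIX_PATH_MAX=%d PATH_MAX=%d\n", _POSIX_PATH_MAX, PATH_MAX);
    /* sizeof keeps the declared and the passed size from drifting apart. */
    if (make_pidfile_path(pidfile_path, sizeof pidfile_path, "slirpvde.pid") != 0) {
        fprintf(stderr, "pidfile path does not fit\n");
        return 1;
    }
    printf("%s\n", pidfile_path);
    return 0;
}
```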

Christian Roessner (christian-roessner-net) wrote :

Hi,

I can confirm this here on two other machines.

Linux roessner1 2.6.27-9-server #1 SMP Thu Nov 20 22:53:41 UTC 2008 i686 GNU/Linux
AMD Athlon(tm) 64 X2 Dual Core Processor 5600+

and

Linux desktop 2.6.27-10-generic #1 SMP Fri Nov 21 19:19:18 UTC 2008 x86_64 GNU/Linux
Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz

Could you please fix this bug?

Thanks in advance

Changed in vde2:
assignee: nobody → andreas-wenning
status: New → In Progress
Andreas Wenning (andreas-wenning) wrote :

Found a fix in upstream svn. I've prepared a debdiff for inclusion in jaunty.

Changed in vde2:
assignee: andreas-wenning → nobody
status: In Progress → Confirmed
Iain Lane (laney) wrote :

Thanks a lot, uploaded!

Changed in vde2:
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vde2 - 2.2.2-3ubuntu1

---------------
vde2 (2.2.2-3ubuntu1) jaunty; urgency=low

  * Add debian/patches/fix_slirpvde_buffer_overflow.patch to fix buffer
    overflow in slirpvde. (LP: #287109)

 -- Andreas Wenning <email address hidden> Sat, 28 Feb 2009 20:43:35 +0100

Changed in vde2:
status: Fix Committed → Fix Released
Changed in vde2:
status: Unknown → New
obstriegel (obstriegel) wrote :

I'm on Ubuntu Intrepid (Linux 2.6.27-11-generic #1 SMP Wed Apr 1 20:53:41 UTC 2009 x86_64 GNU/Linux) and the problem still occurs. Is the fix really released?
I have installed the package vde2 and running slirpvde still gives me the same buffer overflow error as mentioned above.

Andreas Wenning (andreas-wenning) wrote :

@obstriegel
The problem is fixed in Ubuntu jaunty 9.04 which is due to be released in around 10 days.

Andreas Wenning (andreas-wenning) wrote :

Minimal debdiff fixing this for intrepid.

description: updated
summary: - slirpvde: buffer overflow
+ [SRU] slirpvde buffer overflow
Andreas Wenning (andreas-wenning) wrote :

Uploaded to intrepid-proposed. Waiting for motu-sru ACK.

John Dong (jdong) wrote :

Patch looks good, ACK from motu-sru.

Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed; please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in vde2 (Ubuntu Intrepid):
status: New → Fix Committed
tags: added: verification-needed
Andreas Wenning (andreas-wenning) wrote :

The uploaded package works as expected here. No more crashes on start, and slirpvde and the other binaries work.

@obstriegel
Can you confirm that the package in intrepid-proposed solves it for you?

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vde2 - 2.2.2-3ubuntu0.1

---------------
vde2 (2.2.2-3ubuntu0.1) intrepid-proposed; urgency=low

  * Add debian/patches/fix_slirpvde_buffer_overflow.patch to fix buffer
    overflow in slirpvde. (LP: #287109)

 -- Andreas Wenning <email address hidden> Thu, 16 Apr 2009 17:56:06 +0200

Changed in vde2 (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Artur Rona (ari-tczew) wrote :

Done: Ludovico Gardenghi <email address hidden>

Bug is archived. No further changes may be made.

Changed in vde2 (Debian):
importance: Unknown → Undecided
status: New → Fix Released