
Re: Vulnerability Report on Sharutils 4.15.2

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups gnu.utils.bug
Subject Re: Vulnerability Report on Sharutils 4.15.2
Date Sat, 14 Apr 2018 11:30:21 +0200
Lines 68
Sender Salvatore Bonaccorso <salvatore.bonaccorso@gmail.com>
Approved bug-gnu-utils@gnu.org
Message-ID <mailman.12355.1523698241.27995.bug-gnu-utils@gnu.org> (permalink)
References <47a93dc0-b0f9-9dc7-593e-ce7f96f56e19@gmail.com> <20180325175147.GA13587@eldamar.local> <CAFkjv+vMm9SB+U04_97D+To9DUaOBS2O6uLBxM1=PsPYGdn8qg@mail.gmail.com> <20180326044616.f4aouw6a2k5px4jq@lorien.valinor.li> <CAFkjv+vZgV6zbrhnLQDpJETZjMyajo05=r+wtqZ6BvtgjV7=xg@mail.gmail.com> <20180406042611.GA3637@eldamar.local> <slrnpcpk5b.ao6.ppisar@dhcp-0-146.brq.redhat.com>
To bug-gnu-utils@gnu.org
In-Reply-To <slrnpcpk5b.ao6.ppisar@dhcp-0-146.brq.redhat.com>
User-Agent Mutt/1.9.4 (2018-02-28)
List-Id Bug reports for the GNU utilities <bug-gnu-utils.gnu.org>



Hi Petr

On Tue, Apr 10, 2018 at 02:54:32PM +0000, Petr Pisar wrote:
> On 2018-04-06, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > AFAICT for this issue still no proposed fix is available for the
> > issues raised in
> > https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00003.html,
> 
> Well, I cannot reproduce it. Maybe the attachment with the reproducer is
> wrong. The message reads 2.fuzz, but the attachment contains four
> SIGSEGV*.fuzz files. Running unshar on any of them results in:
> 
> sh: line 14386: warning: here-document at line 37 delimited by end-of-file (wanted `_EOF_')
> sh: line 14387: syntax error: unexpected end of file
> 
> (the line numbers differ) and valgrind does not show any issue in the
> unshar process.

That you were not able to reproduce made me look again at it. So I can
reproduce it on an up-to-date Debian unstable (amd64) system, with
sharutils updated up to 1:4.15.2-3. Valgrind shows:

$ valgrind unshar SIGSEGV.PC.80018413.STACK.1dab0c403.CODE.1.ADDR.0xbf7fe258.INSTR.push___%ecx.fuzz
==3784== Memcheck, a memory error detector
==3784== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3784== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==3784== Command: unshar SIGSEGV.PC.80018413.STACK.1dab0c403.CODE.1.ADDR.0xbf7fe258.INSTR.push___%ecx.fuzz
==3784==
SIGSEGV.PC.80018413.STACK.1dab0c403.CODE.1.ADDR.0xbf7fe258.INSTR.push___%ecx.fuzz:
Segmentation fault
==3784==
==3784== Process terminating with default action of signal 13 (SIGPIPE)
==3784==    at 0x4F21134: write (write.c:27)
==3784==    by 0x4EB24BC: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1203)
==3784==    by 0x4EB17DE: new_do_write (fileops.c:457)
==3784==    by 0x4EB3648: _IO_do_write@@GLIBC_2.2.5 (fileops.c:433)
==3784==    by 0x4EB2B7E: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1266)
==3784==    by 0x4EB13BF: fwrite_unlocked (iofwrite_u.c:43)
==3784==    by 0x10C3E6: unshar_file (unshar.c:396)
==3784==    by 0x10BC4E: validate_fname (unshar-opts.c:604)
==3784==    by 0x10BC4E: main (unshar-opts.c:639)
==3784==
==3784== HEAP SUMMARY:
==3784==     in use at exit: 4,920 bytes in 4 blocks
==3784==   total heap usage: 55 allocs, 51 frees, 167,287 bytes allocated
==3784==
==3784== LEAK SUMMARY:
==3784==    definitely lost: 0 bytes in 0 blocks
==3784==    indirectly lost: 0 bytes in 0 blocks
==3784==      possibly lost: 0 bytes in 0 blocks
==3784==    still reachable: 4,920 bytes in 4 blocks
==3784==         suppressed: 0 bytes in 0 blocks
==3784== Rerun with --leak-check=full to see details of leaked memory
==3784==
==3784== For counts of detected and suppressed errors, rerun with: -v
==3784== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

and actually sh/dash segfaults. Since you were not able to reproduce,
I switched to bash as /bin/sh, and indeed I land where you got:

$ unshar SIGSEGV.PC.80018413.STACK.1dab0c403.CODE.1.ADDR.0xbf7fe258.INSTR.push___%ecx.fuzz
SIGSEGV.PC.80018413.STACK.1dab0c403.CODE.1.ADDR.0xbf7fe258.INSTR.push___%ecx.fuzz:
sh: line 13462: warning: here-document at line 37 delimited by end-of-file (wanted `_EOF_')
sh: line 13463: syntax error: unexpected end of file

Regards,
Salvatore
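The valgrind output above is worth reading carefully: memcheck reports zero errors in unshar, and the only thing it sees is unshar being terminated by SIGPIPE inside fwrite_unlocked() in unshar_file(). That is the signature of a crash in the child process, not the parent: unshar pipes the archive to /bin/sh, the shell (dash) dies on the fuzzed input, the read end of the pipe goes away, and the next write from unshar raises SIGPIPE. Valgrind only instruments unshar unless it is run with --trace-children=yes, which is why the trace shows nothing wrong in unshar itself, and why the result differs once /bin/sh is bash. The following C program is an added illustration of that mechanism, not code from the thread or from sharutils: it forks a "reader" that either drains the pipe like a healthy shell or raises SIGSEGV after its first read (a stand-in for the dash crash), while the writer ignores SIGPIPE so the failure surfaces as EPIPE and as the reader's termination signal from waitpid(2). The script line, SCRIPT_LINES and the function names are constructed for the example; it assumes POSIX/Linux pipe semantics.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of the parent's attempt to push the whole "script" down the pipe. */
enum feed_outcome { WROTE_OK = 0, GOT_EPIPE = 1, OTHER_ERROR = 2 };

struct feed_result {
    enum feed_outcome outcome;
    long lines_written;   /* how much of the script went out before the reader died */
    int child_signal;     /* signal that killed the reader, 0 if it exited normally */
};

/* Constructed stand-in for a shar archive: deliberately much larger than any
 * pipe buffer, so the writer has to depend on the reader staying alive. */
#define SCRIPT_LINES 50000L
static const char script_line[] = "echo 'one line of a shar archive piped to sh'\n";

/* Fork the "shell". It reads one chunk, then either keeps draining the pipe
 * (healthy reader) or dies with SIGSEGV (hypothetical stand-in for the dash crash). */
static pid_t spawn_reader(int fds[2], int crash_after_first_read)
{
    pid_t pid = fork();
    if (pid != 0)
        return pid;                       /* parent, or -1 on failure */

    close(fds[1]);
    char buf[256];
    if (read(fds[0], buf, sizeof buf) < 0)
        _exit(1);
    if (crash_after_first_read) {
        struct rlimit no_core = { 0, 0 };
        setrlimit(RLIMIT_CORE, &no_core); /* don't litter the cwd with a core file */
        raise(SIGSEGV);
    }
    while (read(fds[0], buf, sizeof buf) > 0)
        ;
    _exit(0);
}

/* Feed the script to the reader the way unshar feeds it to /bin/sh.
 * SIGPIPE is ignored so a vanished reader shows up as EPIPE from write(2)
 * instead of killing this process the way the valgrind trace shows. */
struct feed_result feed_script(int crash_reader)
{
    struct feed_result r = { OTHER_ERROR, 0, 0 };
    int fds[2];
    if (pipe(fds) != 0)
        return r;
    signal(SIGPIPE, SIG_IGN);

    pid_t pid = spawn_reader(fds, crash_reader);
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return r;
    }
    close(fds[0]);                        /* writer must not hold the read end */

    r.outcome = WROTE_OK;
    for (long i = 0; i < SCRIPT_LINES; i++) {
        /* each line is far below PIPE_BUF, so a pipe write is all-or-nothing */
        if (write(fds[1], script_line, sizeof script_line - 1) < 0) {
            r.outcome = (errno == EPIPE) ? GOT_EPIPE : OTHER_ERROR;
            break;
        }
        r.lines_written++;
    }
    close(fds[1]);

    int status = 0;
    if (waitpid(pid, &status, 0) == pid && WIFSIGNALED(status))
        r.child_signal = WTERMSIG(status);
    return r;
}

int main(void)
{
    for (int crash = 0; crash <= 1; crash++) {
        struct feed_result r = feed_script(crash);
        printf("reader %s: outcome=%d lines_written=%ld child_signal=%d\n",
               crash ? "crashes" : "healthy", r.outcome, r.lines_written,
               r.child_signal);
    }
    return 0;
}
```

The diagnostic lesson is the one the thread arrives at: when the parent shows SIGPIPE and no memcheck findings, inspect the child's exit status (here WTERMSIG, in a shell `echo $?` or `dmesg`), and run valgrind with --trace-children=yes or run the interpreter directly on the extracted script to see where the fault actually is.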
