[Bug 1153149] New: ldconfig stack smash / produces garbage symlinks
http://bugzilla.suse.com/show_bug.cgi?id=1153149

            Bug ID: 1153149
           Summary: ldconfig stack smash / produces garbage symlinks
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
          Assignee: schwab@suse.de
          Reporter: jengelh@inai.de
        QA Contact: qa-bugs@suse.de
                CC: security-team@suse.de
          Found By: ---
           Blocker: ---

Created attachment 820641
  --> http://bugzilla.suse.com/attachment.cgi?id=820641&action=edit
testcase

Libraries in the libabseil0 package (attached again since the copy on the FTP
may go away at some point) cause ldconfig to generate garbage symlinks. There
may be a buffer overflow or something here. For example,

» cd /tmp; rpm2cpio libabseil0-20181127-5.1.x86_64.rpm | cpio -diuv
» mv libabsl_synchronization_libsynchronization.so.0 /usr/lib64
» ldconfig
» ls -l /usr/lib64/ | tail -n1 | hexdump -C
00000000  6c 72 77 78 72 77 78 72  77 78 20 20 31 20 72 6f  |lrwxrwxrwx  1 ro|
00000010  6f 74 20 72 6f 6f 74 20  20 20 20 20 20 20 34 37  |ot root       47|
00000020  20 4f 63 74 20 20 36 20  31 36 3a 33 36 20 d1 59  | Oct  6 16:36 .Y|
00000030  20 2d 3e 20 6c 69 62 61  62 73 6c 5f 73 79 6e 63  | -> libabsl_sync|
00000040  68 72 6f 6e 69 7a 61 74  69 6f 6e 5f 6c 69 62 73  |hronization_libs|
00000050  79 6e 63 68 72 6f 6e 69  7a 61 74 69 6f 6e 2e 73  |ynchronization.s|
00000060  6f 2e 30 0a                                       |o.0.|
00000064

So the libabsl_synchronization_libsynchronization.so.0 library I picked out
from the set generates a symlink by the name of \xd1\x59.

Packages used in the system:
(libabseil0-20181127-5.1.x86_64)
glibc-2.30-1.1.x86_64 (Tumbleweed 20191003)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1153149#c1
--- Comment #1 from Andreas Schwab
http://bugzilla.suse.com/show_bug.cgi?id=1153149#c2
Andreas Schwab