[Bug 237107] New: gnokii on opensuse 10.2 buffer overflow
https://bugzilla.novell.com/show_bug.cgi?id=237107

Summary: gnokii on opensuse 10.2 buffer overflow
Product: openSUSE 10.2
Version: Final
Platform: x86
OS/Version: SuSE Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: bashlogic@gmail.com
QAContact: qa@suse.de

I have been trying to use gnokii to read SMS messages off my mobile device. Every time I attempt to read, it results in a buffer overflow. After tackling the issue for some time, I downloaded the same gnokii version source (0.6.14), compiled it the usual way (configure/make) and tested that binary, and surprisingly I was able to read the messages off the phone device without any errors or buffer overflows.

Here is a copy of the buffer overflow text.

-------------8<------------
GNOKII Version 0.6.14
*** buffer overflow detected ***: gnokii terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb7d06581]
/lib/libc.so.6[0xb7d05a07]
/usr/lib/libgnokii.so.3[0xb7f3450a]
/usr/lib/libgnokii.so.3(gn_sms_parse+0xa7)[0xb7f35067]
/usr/lib/libgnokii.so.3(gn_sms_get+0xb4)[0xb7f35d54]
gnokii[0x805b6d5]
gnokii[0x804ad0c]
gnokii[0x804b6fd]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb7c4af9c]
gnokii[0x804a3f1]
======= Memory map: ========
08048000-08067000 r-xp 00000000 09:01 34232255 /usr/bin/gnokii
08067000-08069000 rw-p 0001e000 09:01 34232255 /usr/bin/gnokii
08069000-0808d000 rw-p 08069000 00:00 0 [heap]
b7bc1000-b7bcb000 r-xp 00000000 09:01 125877535 /lib/libgcc_s.so.1
b7bcb000-b7bcd000 rw-p 00009000 09:01 125877535 /lib/libgcc_s.so.1
b7bf9000-b7c34000 r--p 00000000 09:01 92282341 /usr/lib/locale/en_US.utf8/LC_CTYPE
b7c34000-b7c35000 rw-p b7c34000 00:00 0
b7c35000-b7d5d000 r-xp 00000000 09:01 125864487 /lib/libc-2.5.so
b7d5d000-b7d5e000 r--p 00128000 09:01 125864487 /lib/libc-2.5.so
b7d5e000-b7d60000 rw-p 00129000 09:01 125864487 /lib/libc-2.5.so
b7d60000-b7d64000 rw-p b7d60000 00:00 0
b7d64000-b7d66000 r-xp 00000000 09:01 125864493 /lib/libdl-2.5.so
b7d66000-b7d68000 rw-p 00001000 09:01 125864493 /lib/libdl-2.5.so
b7d68000-b7d6c000 r-xp 00000000 09:01 33619600 /usr/lib/libXdmcp.so.6.0.0
b7d6c000-b7d6e000 rw-p 00003000 09:01 33619600 /usr/lib/libXdmcp.so.6.0.0
b7d6e000-b7d70000 r-xp 00000000 09:01 33619598 /usr/lib/libXau.so.6.0.0
b7d70000-b7d72000 rw-p 00001000 09:01 33619598 /usr/lib/libXau.so.6.0.0
b7d72000-b7e8a000 r-xp 00000000 09:01 33747296 /usr/lib/libX11.so.6.2.0
b7e8a000-b7e8e000 rw-p 00118000 09:01 33747296 /usr/lib/libX11.so.6.2.0
b7e8e000-b7e8f000 rw-p b7e8e000 00:00 0
b7e8f000-b7ea3000 r-xp 00000000 09:01 125872193 /lib/libpthread-2.5.so
b7ea3000-b7ea5000 rw-p 00013000 09:01 125872193 /lib/libpthread-2.5.so
b7ea5000-b7ea7000 rw-p b7ea5000 00:00 0
b7ea7000-b7eb6000 r-xp 00000000 09:01 33860693 /usr/lib/libXpm.so.4.11.0
b7eb6000-b7eb8000 rw-p 0000e000 09:01 33860693 /usr/lib/libXpm.so.4.11.0
b7eb8000-b7eb9000 rw-p b7eb8000 00:00 0
b7eb9000-b7ec9000 r-xp 00000000 09:01 33641519 /usr/lib/libbluetooth.so.2.4.1
b7ec9000-b7ecb000 rw-p 0000f000 09:01 33641519 /usr/lib/libbluetooth.so.2.4.1
b7ecb000-b7ed1000 r-xp 00000000 09:01 33674148 /usr/lib/libusb-0.1.so.4.4.4
b7ed1000-b7ed4000 rw-p 00005000 09:01 33674148 /usr/lib/libusb-0.1.so.4.4.4
b7ed4000-b7f0c000 r-xp 00000000 09:01 33671030 /usr/lib/libical.so.0.0.0
b7f0c000-b7f0d000 r--p 00037000 09:01 33671030 /usr/lib/libical.so.0.0.0
b7f0d000-b7f17000 rw-p 00038000 09:01 33671030 /usr/lib/libical.so.0.0.0
b7f17000-b7f18000 rw-p b7f17000 00:00 0
b7f18000-b7f7f000 r-xp 00000000 09:01 34232293 /usr/lib/libgnokii.so.3.0.0
b7f7f000-b7f80000 r--p 00067000 09:01 34232293 /usr/lib/libgnokii.so.3.0.0
b7f80000-b7f83000 rw-p 00068000 09:01 34232293 /usr/lib/libgnokii.so.3.0.0
b7f83000-b7f8c000 rw-p b7f83000 00:00 0
b7fb0000-b7fb1000 rw-p b7fb0000 00:00 0
b7fb1000-b7fb8000 r--s 00000000 09:01 50370662 /usr/lib/gconv/gconv-modules.cache
b7fb8000-b7fb9000 rw-p b7fb8000 00:00 0
b7fb9000-b7fba000 r-xp b7fb9000 00:00 0 [vdso]
b7fba000-b7fd5000 r-xp 00000000 09:01 125864480 /lib/ld-2.5.so
b7fd5000-b7fd7000 rw-p 0001a000 09:01 125864480 /lib/ld-2.5.so
bfaab000-bfac6000 rw-p bfaab000 00:00 0 [stack]
Aborted
-------------8<------------

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=237107

judas_iscariote@shorewall.net changed:

           What    |Removed                                   |Added
----------------------------------------------------------------------------
         AssignedTo|bnc-team-screening@forge.provo.novell.com |ro@novell.com

------- Comment #1 from judas_iscariote@shorewall.net 2007-01-20 12:30 MST -------
This buffer overflow is probably caught by -fstack-protector (god bless it ;))
https://bugzilla.novell.com/show_bug.cgi?id=237107

ro@novell.com changed:

           What    |Removed       |Added
----------------------------------------------------------------------------
                 CC|              |aj@novell.com
         AssignedTo|ro@novell.com |prusnak@novell.com

------- Comment #2 from ro@novell.com 2007-01-25 10:06 MST -------
Reassigning to package maintainer (AJ: update approved?)
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #3 from aj@novell.com 2007-01-26 00:44 MST -------
Update approved.
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #4 from aj@novell.com 2007-01-26 00:45 MST -------
MaintenanceTracker-8118
https://bugzilla.novell.com/show_bug.cgi?id=237107

prusnak@novell.com changed:

           What    |Removed |Added
----------------------------------------------------------------------------
             Status|NEW     |NEEDINFO
      Info Provider|        |bashlogic@gmail.com

------- Comment #5 from prusnak@novell.com 2007-01-30 07:25 MST -------
openSUSE 10.2 does not contain any patches for gnokii, so it seems that this indeed is a stack protector issue.

Could you please compile 0.6.14 with stack protector:

CFLAGS="-fstack-protector" ./configure
make

And then compile the CVS version also with stack protector:

svn co http://gnokii.gforge.punktart.de/svn/gnokii/trunk/
cd trunk
chmod +x ./autogen.sh
CFLAGS="-fstack-protector" ./autogen.sh
make

And test whether both binaries crash?
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #6 from bashlogic@gmail.com 2007-01-30 11:08 MST -------
Hello,

I am not close to the system, so I can't compile and test right now, but this I can share with you. I spoke with some members of the gnokii team and they apparently found and patched the bug. It is in the SVN source, even though they did not increment the version number.

I'll give it a try and compile with the specified flags the first chance I get.

Regards,
BL

(In reply to comment #5)
> openSUSE 10.2 does not contain any patches for gnokii, so it seems that this indeed is a stack protector issue.
>
> Could you please compile 0.6.14 with stack protector:
>
> CFLAGS="-fstack-protector" ./configure
> make
>
> And then compile the CVS version also with stack protector:
>
> svn co http://gnokii.gforge.punktart.de/svn/gnokii/trunk/
> cd trunk
> chmod +x ./autogen.sh
> CFLAGS="-fstack-protector" ./autogen.sh
> make
>
> And test whether both binaries crash?
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #7 from prusnak@novell.com 2007-01-31 02:34 MST -------
(In reply to comment #6)
> ... I spoke with some members of the gnokii team and they apparently found and patched the bug. It is in the SVN source, even though they did not increment the version number.

I thought so, but wasn't sure. That's why I wanted you to test it.

> I'll give it a try and compile with the specified flags the first chance I get.

Thanks in advance.
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #8 from prusnak@novell.com 2007-01-31 06:52 MST -------
Created an attachment (id=116539)
 --> (https://bugzilla.novell.com/attachment.cgi?id=116539&action=view)
patch - adding changes from CVS version
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #9 from prusnak@novell.com 2007-01-31 06:55 MST -------
(In reply to comment #8)
> Created an attachment (id=116539)
>  --> (https://bugzilla.novell.com/attachment.cgi?id=116539&action=view)

I created a patch, adding features from the CVS version. bashlogic, could you please test 0.6.14 with this patch for crashes as well?

tar xfvj gnokii-0.6.14.tar.bz2
cd gnokii-0.6.14/
patch -p0 < ../gnokii-0.6.14-cvs.patch
CFLAGS="-fstack-protector" ./configure
make
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #10 from bashlogic@gmail.com 2007-02-19 11:35 MST -------
Hello,

Could you send the patch attachment by email? When I copy-paste it I get:

patch: **** malformed patch at line 5:  gn_statemachine *state); */
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #11 from bashlogic@gmail.com 2007-02-19 11:42 MST -------
Hello,

I tested by starting a new compilation with the following given instructions:

----
CFLAGS="-fstack-protector" ./configure
make
----

but I still got the following:

GNOKII Version 0.6.14
*** buffer overflow detected ***: gnokii terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb7c38581]
/lib/libc.so.6[0xb7c37a07]
/usr/lib/libgnokii.so.3[0xb7e6650a]
/usr/lib/libgnokii.so.3(gn_sms_parse+0xa7)[0xb7e67067]
/usr/lib/libgnokii.so.3(gn_sms_get+0xb4)[0xb7e67d54]
gnokii[0x805b6d5]
gnokii[0x804ad0c]
gnokii[0x804b6fd]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb7b7cf9c]
gnokii[0x804a3f1]
-----

I will try again with the patch that you have mentioned once I get it via email, as copy-paste most probably is causing a malformation of the patch file.

Regards,
BL
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #12 from prusnak@novell.com 2007-02-22 02:20 MST -------
You can save the patch by clicking the right mouse button and selecting "Save link as"; it is not necessary to copy-paste from the browser. Anyway, patch sent to your e-mail.
https://bugzilla.novell.com/show_bug.cgi?id=237107

bashlogic@gmail.com changed:

           What    |Removed             |Added
----------------------------------------------------------------------------
             Status|NEEDINFO            |NEW
      Info Provider|bashlogic@gmail.com |

------- Comment #13 from bashlogic@gmail.com 2007-02-22 11:46 MST -------
Hello,

Thank you for sending the patch via email. For some reason, when I tried to save the file or copy-paste, I kept getting an error on line #5 when applying the patch.

I patched the gnokii source, reconfigured with -fstack-protector and then compiled, with the end result being positive. The patch works!
https://bugzilla.novell.com/show_bug.cgi?id=237107

prusnak@novell.com changed:

           What    |Removed |Added
----------------------------------------------------------------------------
             Status|NEW     |RESOLVED
         Resolution|        |FIXED

------- Comment #14 from prusnak@novell.com 2007-02-23 02:59 MST -------
Bashlogic: Thank you for the report and your cooperation.
Andreas: Gnokii submitted to 10.2 and STABLE. Patchinfo for 10.2 generated in SWAMP.

Closing, reopen if needed.
https://bugzilla.novell.com/show_bug.cgi?id=237107

meissner@novell.com changed:

           What    |Removed |Added
----------------------------------------------------------------------------
                 CC|        |meissner@novell.com

------- Comment #15 from meissner@novell.com 2007-02-23 03:07 MST -------
btw, the first trace originated from -D_FORTIFY_SOURCE=2, not stack protector.
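The trace in the original report ends in __chk_fail, and comment #15 points out that this means -D_FORTIFY_SOURCE=2 fired, not -fstack-protector (whose abort path goes through __stack_chk_fail). The script below is an added example for this thread, not gnokii code and not part of the bug report: it parses a glibc abort report of the shape pasted above, tells the two mitigations apart from the symbol that raised the abort, and maps the first named application frame back to an object file and file offset using the memory map, so the crash can be tied to a specific library without the original process. The embedded sample is the backtrace quoted in the bug, re-split into one entry per line and trimmed to the mappings the frames fall into; the classification rule (which symbols imply which mitigation) is an assumption of this example rather than something the thread states.

```python
"""Triage helper for glibc abort reports of the form
"*** buffer overflow detected ***" / "*** stack smashing detected ***".

Added example for bug 237107; not gnokii code and not part of the report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Backtrace and memory map quoted from the original report, re-split into
# one entry per line and trimmed to the mappings the frames fall into.
SAMPLE_REPORT = """\
GNOKII Version 0.6.14
*** buffer overflow detected ***: gnokii terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb7d06581]
/lib/libc.so.6[0xb7d05a07]
/usr/lib/libgnokii.so.3[0xb7f3450a]
/usr/lib/libgnokii.so.3(gn_sms_parse+0xa7)[0xb7f35067]
/usr/lib/libgnokii.so.3(gn_sms_get+0xb4)[0xb7f35d54]
gnokii[0x805b6d5]
gnokii[0x804ad0c]
gnokii[0x804b6fd]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb7c4af9c]
gnokii[0x804a3f1]
======= Memory map: ========
08048000-08067000 r-xp 00000000 09:01 34232255 /usr/bin/gnokii
08067000-08069000 rw-p 0001e000 09:01 34232255 /usr/bin/gnokii
b7c35000-b7d5d000 r-xp 00000000 09:01 125864487 /lib/libc-2.5.so
b7f18000-b7f7f000 r-xp 00000000 09:01 34232293 /usr/lib/libgnokii.so.3.0.0
bfaab000-bfac6000 rw-p bfaab000 00:00 0 [stack]
"""

# "module(symbol+0xoff)[0xaddr]" with the "(symbol+0xoff)" part optional
FRAME_RE = re.compile(
    r"^(?P<module>[^\s(\[]+)"
    r"(?:\((?P<symbol>[^+)]*)(?:\+0x[0-9a-f]+)?\))?"
    r"\[0x(?P<addr>[0-9a-f]+)\]$"
)
# "start-end perms fileoff dev inode [path]" as printed from /proc/self/maps
MAP_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+"
    r"(?P<fileoff>[0-9a-f]+)\s+\S+\s+\d+(?:\s+(?P<path>\S.*))?$"
)

# Classification rule (assumption of this example): the stack protector
# aborts via __stack_chk_fail; FORTIFY_SOURCE aborts via __chk_fail or one
# of the *_chk wrappers. __fortify_fail is shared by both paths in glibc,
# so it is deliberately not used as a discriminator.
SSP_SYMBOLS = {"__stack_chk_fail"}
FORTIFY_SYMBOLS = {"__chk_fail"}


@dataclass
class Frame:
    module: str
    symbol: Optional[str]
    addr: int


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    fileoff: int
    path: Optional[str]


def parse_report(text: str) -> Tuple[List[Frame], List[Mapping]]:
    """Split the report into backtrace frames and memory-map entries."""
    frames: List[Frame] = []
    maps: List[Mapping] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======="):
            section = "bt" if "Backtrace" in line else "map"
            continue
        if section == "bt" and (m := FRAME_RE.match(line)):
            frames.append(Frame(m["module"], m["symbol"] or None, int(m["addr"], 16)))
        elif section == "map" and (m := MAP_RE.match(line)):
            maps.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                                m["perms"], int(m["fileoff"], 16), m["path"]))
    return frames, maps


def classify_detector(frames: List[Frame]) -> str:
    """Name the compile-time hardening that produced the abort."""
    syms = {f.symbol for f in frames if f.symbol}
    if syms & SSP_SYMBOLS:
        return "-fstack-protector"
    if syms & FORTIFY_SYMBOLS or any(s.endswith("_chk") for s in syms):
        return "-D_FORTIFY_SOURCE"
    return "unknown"


def resolve(addr: int, maps: List[Mapping]) -> Optional[Tuple[Optional[str], int]]:
    """Map a runtime address to (backing file, offset within that file)."""
    for m in maps:
        if m.start <= addr < m.end:
            return m.path, addr - m.start + m.fileoff
    return None


def first_named_frame_outside(frames: List[Frame], exclude=("libc",)) -> Optional[Frame]:
    """Innermost frame with a symbol that is not in an excluded module.
    Unnamed frames (static functions) are skipped, so this is the nearest
    exported function, not necessarily the exact faulting one."""
    for f in frames:
        if f.symbol and not any(x in f.module for x in exclude):
            return f
    return None


def triage(text: str) -> dict:
    frames, maps = parse_report(text)
    culprit = first_named_frame_outside(frames)
    located = resolve(culprit.addr, maps) if culprit else None
    return {
        "detector": classify_detector(frames),
        "abort_symbol": frames[0].symbol if frames else None,
        "culprit": culprit,
        "culprit_file": located[0] if located else None,
        "culprit_file_offset": located[1] if located else None,
    }


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(f"detector: {r['detector']} (abort raised in {r['abort_symbol']})")
    if r["culprit"]:
        print(f"nearest named frame: {r['culprit'].symbol} in {r['culprit'].module}")
        print(f"backing file: {r['culprit_file']} @ 0x{r['culprit_file_offset']:x}")
```

Run as a script it reports -D_FORTIFY_SOURCE for the sample, as comment #15 says, and places gn_sms_parse+0xa7 at file offset 0x1d067 of /usr/lib/libgnokii.so.3.0.0, which is the number to feed to objdump or addr2line against the matching package build. The file-offset arithmetic only holds for r-x mappings loaded at file offset 0 or with the offset column taken into account, which is why resolve() adds the mapping's own offset rather than assuming zero.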
https://bugzilla.novell.com/show_bug.cgi?id=237107

------- Comment #16 from ast@novell.com 2007-03-05 07:24 MST -------
released