[Bug 981522] New: sessreg Module experiences buffer overflow at high UID
http://bugzilla.opensuse.org/show_bug.cgi?id=981522

Bug ID: 981522
Summary: sessreg Module experiences buffer overflow at high UID
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: X.Org
Assignee: xorg-maintainer-bugs@forge.provo.novell.com
Reporter: reinhard.hennig@ofd-z.niedersachsen.de
QA Contact: xorg-maintainer-bugs@forge.provo.novell.com
Found By: ---
Blocker: ---

xdm and kdm crash when UIDs beyond 10.000.000 are used. Some UIDs provide stable logins but some don't. For example 20.000.000 works fine, 25.000.000 fails.

You can provoke the error by making a simple account like this in your /etc/passwd file:

    otto:x:25000107:25000000:Testuser lokal:/opt/home/otto:/bin/bash

kdm and xdm crash, while terminal based login and graphical logins using gdm work fine.

This account in your /etc/passwd works fine:

    willi:x:20000107:20000000:Testuser lokal:/opt/home/willi:/bin/bash

The reason for that behaviour is a buffer overflow in this module: sessreg, used by xdm and kdm. It doesn't depend on the source (/etc/passwd or ldap). You may check by doing

    sessreg -a willi   # works, returns no error
    sessreg -a otto    # returns error: seeking lastlog entry: Invalid argument

Other Scenarios: Yes: Login using gdm displaymanager is not affected
Fix: choose different UIDs or gdm

Fast help would be appreciated.

--
You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c1
--- Comment #1 from Egbert Eich
> Fast help would be appreciated.
Hennig, I'm sorry, there won't be fast help for this I'm afraid. This is openSUSE, everything here is pretty much 'best effort'. openSUSE is free software: there is a saying in the free software world: 'everybody gets to scratch his own back'. This means two things:

1. Since the code is open and you are allowed to modify it, you are able to fix things yourself. Nothing will be in your way. You may even share your changes with others and provide them to the upstream project. If your patch is correct and the project accepts it, you have two advantages:
   a. it will work in future versions as well.
   b. you may have helped others.
2. Since free software is mostly done by volunteers, there is no one who has an obligation to help you, so unless someone else's back itches the same way yours does, chances are you will have to fix it yourself.

This boils down to: if you want a fix fast, you will have to do it yourself. If you have a patch, you are welcome to provide it here and we can help you by reviewing it and making sure it gets back to the upstream project. If you are patient and can wait, someone will come to it eventually and look into it.
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c2
--- Comment #2 from Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c3
--- Comment #3 from Hennig Reinhard
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c4
--- Comment #4 from Hennig Reinhard
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c5
--- Comment #5 from Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c6
--- Comment #6 from Hennig Reinhard
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c7
--- Comment #7 from Egbert Eich
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c8
--- Comment #8 from Stefan Dirsch
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c9
--- Comment #9 from Egbert Eich
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c10
--- Comment #10 from Egbert Eich
> Hmm. So Reinhard Hennig is Herbert Kütz?

Reinhard has contacted me by email; I've only added the information relevant to this ticket here. The developer who found the fix for the problem at hand was Herbert Kütz.

> I've found three lseek() calls in the sources. Also the lseek64() manual page tells me one needs a
>
>     #define _LARGEFILE64_SOURCE
>
> before
>
>     #include
>
> So no Reviewed-by from my side at this moment. ;-)

This may be done already through some header. For convenience there is an autoconf macro which takes care of it. This macro has been used already; however, it was useless as the code still used casts to long. With this macro it should be fine to use off_t and lseek() as it checks for any needed compiler flags so that these can deal with 'largefiles'. I've fixed all occurrences of lseek() in my test package.
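The reporter's two accounts (willi works, otto fails with "seeking lastlog entry: Invalid argument") and the off_t/lseek() point in comment #10 can be shown in one added example; it is constructed here and is not sessreg's code. It assumes the overflow is in a lastlog offset computed as UID times entry size and cast to long on a 32-bit build (modelled with explicit 32-bit arithmetic), that glibc's struct lastlog is 292 bytes on x86, and that the autoconf macro Egbert mentions is AC_SYS_LARGEFILE, which defines _FILE_OFFSET_BITS=64 where needed; under that model a wrapped offset that stays positive is accepted by lseek() but addresses the wrong slot.

```c
/* Constructed example: a lastlog offset for a large UID wrapping in 32-bit
 * arithmetic, next to the widened off_t computation that avoids it. */
#define _FILE_OFFSET_BITS 64  /* what AC_SYS_LARGEFILE arranges on 32-bit builds (assumption) */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: glibc's struct lastlog on x86 is 292 bytes (int32 ll_time,
 * 32-byte ll_line, 256-byte ll_host). */
#define LASTLOG_ENTRY_SIZE 292u

/* Models (long)(uid * sizeof(struct lastlog)) on an ILP32 target, where size_t
 * and long are 32 bits: the product wraps mod 2^32, the cast makes it signed. */
int32_t lastlog_offset_ilp32(uid_t uid) {
    return (int32_t)((uint32_t)uid * LASTLOG_ENTRY_SIZE);
}

/* Widen to off_t first; with _FILE_OFFSET_BITS=64 that is a 64-bit product. */
off_t lastlog_offset_safe(uid_t uid) {
    return (off_t)uid * (off_t)LASTLOG_ENTRY_SIZE;
}

/* 1 if the wrapped offset is negative, which lseek() rejects with EINVAL (the
 * "Invalid argument" in the report); 0 if accepted, which for a wrapped value
 * still means the wrong slot gets read and written. */
int ilp32_offset_rejected(uid_t uid) {
    return lastlog_offset_ilp32(uid) < 0;
}

/* Seek an unlinked temp file to the slot for uid using the 64-bit offset and
 * return the position lseek() reports, or -1 on error. */
off_t seek_to_lastlog_slot(uid_t uid) {
    char path[] = "/tmp/lastlog-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    off_t pos = lseek(fd, lastlog_offset_safe(uid), SEEK_SET);
    close(fd);
    return pos;
}

int main(void) {  /* willi (20000107) and otto (25000107) from the report */
    for (uid_t u = 20000107u; u <= 25000107u; u += 5000000u)
        printf("uid %u: 32-bit %d (%s), 64-bit %lld\n", (unsigned)u, lastlog_offset_ilp32(u),
               ilp32_offset_rejected(u) ? "EINVAL" : "accepted, wrong slot", (long long)lastlog_offset_safe(u));
    return 0;
}
```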
http://bugzilla.opensuse.org/show_bug.cgi?id=981522#c11
--- Comment #11 from Egbert Eich