Your message dated Sat, 09 Mar 2013 04:17:47 +0000
with message-id <[email protected]>
and subject line Bug#700738: fixed in tty-clock 2.0-1
has caused the Debian Bug report #700738,
regarding tty-clock: use-after-free and other unsafeties
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
700738: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700738
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tty-clock
Version: 1.1-1
Severity: serious
Justification: use-after-free and who knows what else

Hi!

Just saw ttyclock in the wanna-build Needs-Build list for m68k,
and thought to have a look at what it can do (comparison with
my /usr/share/doc/mksh/examples/uhr.gz script, for example),
compiled and run it under MirBSD (since I sat at it), SIGABRT.

Okay, what’s it do…

tg@blau:~ $ gdb --args ./ttyclock -i
GNU gdb 6.3.50.20050707
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "--host=i386-ecce-mirbsd10 --target="...
(gdb) r
Starting program: /home/tg/ttyclock -i
TTY-Clock 2 © by Martin Duquesnoy ([email protected])
ttyclock in free(): error: bogus pointer (double free?) 0xdfdfdfdf

Program received signal SIGABRT, Aborted.
0x03e435e7 in kill () from /usr/lib/libc.so.41.10
(gdb) bt
#0  0x03e435e7 in kill () from /usr/lib/libc.so.41.10
#1  0x03e7aac8 in abort () from /usr/lib/libc.so.41.10
#2  0x03e637a0 in wrterror () from /usr/lib/libc.so.41.10
#3  0x03e64fcd in free () from /usr/lib/libc.so.41.10
#4  0x1c001f5d in main (argc=2, argv=0xcfbf9670) at ttyclock.c:482
(gdb) frame 4
#4  0x1c001f5d in main (argc=2, argv=0xcfbf9670) at ttyclock.c:482
482                    free(ttyclock->option.format);
(gdb) print *ttyclock
$1 = {running = 3755991007, bg = -538976289, option = {second = 3755991007, twelve = 3755991007,
    center = 3755991007, rebound = 3755991007, box = 3755991007,
    format = 0xdfdfdfdf <Address 0xdfdfdfdf out of bounds>, color = -538976289, delay = -538976289}, geo = {
    x = -538976289, y = -538976289, w = -538976289, h = -538976289, a = -538976289, b = -538976289}, date = {
    hour = {3755991007, 3755991007}, minute = {3755991007, 3755991007}, second = {3755991007, 3755991007},
    datestr = '�' <repeats 256 times>}, tm = 0xdfdfdfdf, lt = -2314885530818453537,
  meridiem = 0xdfdfdfdf <Address 0xdfdfdfdf out of bounds>, framewin = 0xdfdfdfdf, datewin = 0xdfdfdfdf}

Argh. Okay. So omalloc found something… looking at the source:

  479           case 'i':
  480                puts("TTY-Clock 2 © by Martin Duquesnoy ([email protected])");
  481                free(ttyclock);
  482                free(ttyclock->option.format);
  483                exit(EXIT_SUCCESS);

This is an obvious use-after-free. The code is full of it.
I think that this program is not in shape for distribution.

Calling stdio (line 130), ncurses (line 119, 120, 129) and
other funny stuff in the signal handler is also almost cer‐
tainly broken. Even line 125 will not work, as the only data
type that can safely be accessed from a signal handler is of
the type “volatile sig_atomic_t”, which ttyclock->running is
not.

bye,
//mirabilos
-- 
Support mksh as /bin/sh and RoQA dash NOW!
‣ src:bash (257 (276) bugs: 0 RC, 178 (192) I&N, 79 (84) M&W, 0 (0) F&P)
‣ src:dash (84 (98) bugs: 3 RC, 39 (43) I&N, 42 (52) M&W, 0 F&P)
‣ src:mksh (1 bug: 0 RC, 0 I&N, 1 M&W, 0 F&P)
http://qa.debian.org/data/bts/graphs/d/dash.png is pretty red, innit?

--- End Message ---
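
The two defects named in the report above, shown in corrected form as an added example (not code from tty-clock, its upstream fix, or the reporter): members are freed before the struct that holds them, and the signal handler only sets a `volatile sig_atomic_t` flag, leaving cleanup to normal context. `struct clock_state`, `clock_new`, `clock_free`, `install_handlers` and `stop_requested` are hypothetical names; only `option.format` mirrors the gdb dump.

```c
#include <signal.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, reduced stand-in for the struct seen in the gdb dump. */
struct clock_state { struct { char *format; } option; };

/* The handler's only shared object: a volatile sig_atomic_t flag. */
static volatile sig_atomic_t stop_requested = 0;

/* No stdio, ncurses or free() in here: just record the request. */
static void on_signal(int signo) { (void)signo; stop_requested = 1; }

int install_handlers(void)
{
    if (signal(SIGINT, on_signal) == SIG_ERR) return -1;
    return signal(SIGTERM, on_signal) == SIG_ERR ? -1 : 0;
}

struct clock_state *clock_new(const char *fmt)
{
    struct clock_state *c = calloc(1, sizeof *c);
    size_t n = strlen(fmt) + 1;
    if (c == NULL) return NULL;
    c->option.format = malloc(n);
    if (c->option.format == NULL) { free(c); return NULL; }
    memcpy(c->option.format, fmt, n);
    return c;
}

/* Members first, container last; then clear the caller's pointer so a
   second call is a no-op instead of a double free. */
void clock_free(struct clock_state **cp)
{
    if (cp == NULL || *cp == NULL) return;
    free((*cp)->option.format);   /* still valid: *cp not freed yet */
    free(*cp);
    *cp = NULL;
}

int main(void)
{
    struct clock_state *c = clock_new("%F"); /* constructed sample format */
    if (c == NULL || install_handlers() != 0) { clock_free(&c); return EXIT_FAILURE; }
    raise(SIGTERM);               /* stands in for the user's signal */
    while (!stop_requested) { }   /* the drawing loop would go here */
    clock_free(&c);               /* cleanup runs in normal context */
    return EXIT_SUCCESS;
}
```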
--- Begin Message ---
Source: tty-clock
Source-Version: 2.0-1

We believe that the bug you reported is fixed in the latest version of
tty-clock, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antoine Beaupré <[email protected]> (supplier of updated tty-clock package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 08 Mar 2013 22:30:45 -0500
Source: tty-clock
Binary: tty-clock
Architecture: source amd64
Version: 2.0-1
Distribution: experimental
Urgency: low
Maintainer: Antoine Beaupré <[email protected]>
Changed-By: Antoine Beaupré <[email protected]>
Description: 
 tty-clock  - simple terminal clock
Closes: 686466 689248 700738 702171
Changes: 
 tty-clock (2.0-1) experimental; urgency=low
 .
   * new upstream (Closes: #689248, #686466, #700738).
   * fix Vcs-$foo headers, thanks to David Bremner (Closes: #702171).
   * upstream now has a manpage (Closes: #686466).
   * patch: fix hardening flags

--- End Message ---
