Your message dated Sun, 20 Aug 2017 03:49:17 +0000
with message-id <[email protected]>
and subject line Bug#841668: fixed in grok 1.20110708.1-4.2
has caused the Debian Bug report #841668,
regarding grok: Fix for wrong pointer aliasing in grok
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
841668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841668
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: grok
Version: 1.20110708.1-4.1
Severity: important
Tags: patch
User: [email protected]
Usertags: origin-ubuntu zesty ubuntu-patch
Hi Stig,
While debugging a build failure of syslog-ng-incubator on s390x in Ubuntu,
I've identified a bug in the grok code related to pointer aliasing. The
regexp_len argument to grok_pattern_find() has been defined as a size_t*,
but this pointer is then passed through to a tokyocabinet API that only
takes an int*, which leaves half of the size_t variable uninitialized on
64-bit architectures. And on big-endian architectures, crucially, it's the
lower half of the variable that's uninitialized, eventually leading to a
crash.
The attached patch fixes this by explicitly declaring the API to be based on
an int* instead of a size_t*, and fixing the internal callers of
grok_pattern_find(). Note that this is an API change (changing the
prototype of a public function), but is not an ABI change; I'm only changing
the public declaration to match the actual behavior. Therefore, if there
are other external users of this function which are assuming they can pass
in a size_t* to uninitialized memory and use it afterwards, those callers
will still see buggy behavior. So you (or upstream) may wish instead to
keep the prototype as-is, and fix up the pointer aliasing within the
function.
Thanks for considering the patch!
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
[email protected] [email protected]
diff -Nru grok-1.20110708.1/debian/patches/fix_wrong_pointer_alias.patch grok-1.20110708.1/debian/patches/fix_wrong_pointer_alias.patch
--- grok-1.20110708.1/debian/patches/fix_wrong_pointer_alias.patch 1969-12-31 16:00:00.000000000 -0800
+++ grok-1.20110708.1/debian/patches/fix_wrong_pointer_alias.patch 2016-10-21 14:05:10.000000000 -0700
@@ -0,0 +1,64 @@
+Description: fix wrong pointer alias
+ size_t * != int *, and casting one to the other without initialization is
+ a good way to get garbage data into your program, leading to crashes such
+ as the one in
+ https://launchpad.net/ubuntu/+source/syslog-ng-incubator/0.5.0-1build1/+build/11039099
+Author: Steve Langasek <[email protected]>
+Forwarded: no
+Last-Update: 2016-10-21
+
+Index: grok-1.20110708.1/grok_pattern.c
+===================================================================
+--- grok-1.20110708.1.orig/grok_pattern.c
++++ grok-1.20110708.1/grok_pattern.c
+@@ -33,9 +33,9 @@
+ }
+
+ int grok_pattern_find(const grok_t *grok, const char *name, size_t name_len,
+- const char **regexp, size_t *regexp_len) {
++ const char **regexp, int *regexp_len) {
+ TCTREE *patterns = grok->patterns;
+- *regexp = tctreeget(patterns, name, name_len, (int*) regexp_len);
++ *regexp = tctreeget(patterns, name, name_len, regexp_len);
+
+ grok_log(grok, LOG_PATTERNS, "Searching for pattern '%s' (%s): %.*s",
+ name, *regexp == NULL ? "not found" : "found", *regexp_len, *regexp);
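Review bot: The grok_log() call at the end of this hunk still reads *regexp_len and hands *regexp to "%.*s" when the lookup missed (*regexp == NULL), and nothing in the hunk writes *regexp_len on that path, so the not-found case can still log with a length the caller never initialised. Set *regexp_len = 0 when *regexp is NULL before logging, or log the length and pattern only in the found branch.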
+Index: grok-1.20110708.1/grok_pattern.h
+===================================================================
+--- grok-1.20110708.1.orig/grok_pattern.h
++++ grok-1.20110708.1/grok_pattern.h
+@@ -9,7 +9,7 @@
+ int grok_pattern_add(const grok_t *grok, const char *name, size_t name_len,
+ const char *regexp, size_t regexp_len);
+ int grok_pattern_find(const grok_t *grok, const char *name, size_t name_len,
+- const char **regexp, size_t *regexp_len);
++ const char **regexp, int *regexp_len);
+ int grok_patterns_import_from_file(const grok_t *grok, const char *filename);
+ int grok_patterns_import_from_string(const grok_t *grok, const char *buffer);
+
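Review bot: The changed grok_pattern_find() declaration in grok_pattern.h is a public prototype change with no comment explaining why regexp_len is now an int* while grok_pattern_add() directly above takes a size_t regexp_len. Add a comment on the declaration stating that the length is written by tctreeget() as an int, so callers that still pass a size_t* (with or without a cast) know they must switch to an int variable. The alternative raised in the cover message, keeping size_t* and copying from a local int inside the function, would avoid the asymmetry between the two prototypes.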
+Index: grok-1.20110708.1/test/grok_pattern.test.c
+===================================================================
+--- grok-1.20110708.1.orig/test/grok_pattern.test.c
++++ grok-1.20110708.1/test/grok_pattern.test.c
+@@ -4,7 +4,7 @@
+ void test_grok_pattern_add_and_find_work(void) {
+ INIT;
+ const char *regexp = NULL;
+- size_t len = 0;
++ int len = 0;
+
+ grok_pattern_add(&grok, "WORD", 5, "\\w+", 3);
+ grok_pattern_add(&grok, "TEST", 5, "TEST", 4);
+Index: grok-1.20110708.1/grokre.c
+===================================================================
+--- grok-1.20110708.1.orig/grokre.c
++++ grok-1.20110708.1/grokre.c
+@@ -183,7 +183,7 @@
+ int start, end, matchlen;
+ const char *pattern_regex;
+ int patname_len;
+- size_t regexp_len;
++ int regexp_len;
+ int pattern_regex_needs_free = 0;
+
+ grok_log(grok, LOG_REGEXPAND, "% 20s: %.*s", "start of loop",
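Review bot: "int regexp_len;" in grokre.c is still declared without an initializer, unlike the test's "int len = 0;", and grok_pattern_find() logs *regexp_len whether or not the pattern was found. Initialise it to 0 here so a failed lookup never reads stack garbage.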
diff -Nru grok-1.20110708.1/debian/patches/series grok-1.20110708.1/debian/patches/series
--- grok-1.20110708.1/debian/patches/series 2015-01-26 01:57:27.000000000 -0800
+++ grok-1.20110708.1/debian/patches/series 2016-10-21 13:48:31.000000000 -0700
@@ -3,3 +3,4 @@
0002-Support-GNU-Hurd-add-necessary-linker-flag.patch
pcre-group-name.patch
ld-as-needed.diff
+fix_wrong_pointer_alias.patch
--- End Message ---
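The mismatch described in the report above, as an added C example (not code from grok, tokyocabinet or the patch): lookup() is a hypothetical stand-in for an API that writes the length through an int*, uint64_t stands in for a 64-bit size_t, and int is assumed to be 4 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the lookup the report describes: it reports the
 * value length through an int*, never through a size_t*. */
static const char *lookup(const char *key, int *sp) {
    (void)key;
    *sp = 3;                       /* length of the constructed value "\\w+" */
    return "\\w+";
}

/* 1 on a big-endian host, 0 on a little-endian one. */
int host_is_big_endian(void) {
    uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 0;
}

/* Buggy pattern: an 8-byte length variable is handed over as if it were an
 * int. memcpy models the callee's 4-byte store into the start of the object
 * (the demo avoids the real cast so it stays defined C). `stale` is whatever
 * the variable held before the call. */
uint64_t len_after_aliased_write(uint64_t stale) {
    uint64_t len = stale;
    int written = 0;
    lookup("WORD", &written);
    memcpy(&len, &written, sizeof written);
    return len;
}

/* The alternative the report mentions: keep a wide length in the prototype
 * and go through a local int inside the function. */
int find_fixed(const char *name, const char **regexp, uint64_t *regexp_len) {
    int len = 0;
    *regexp = lookup(name, &len);
    *regexp_len = (*regexp != NULL && len > 0) ? (uint64_t)len : 0;
    return *regexp != NULL ? 0 : -1;
}

int main(void) {
    uint64_t n = UINT64_MAX;
    const char *re = NULL;
    printf("big-endian host: %d\n", host_is_big_endian());
    printf("zeroed variable: %#llx\n", (unsigned long long)len_after_aliased_write(0));
    printf("stale variable:  %#llx\n", (unsigned long long)len_after_aliased_write(0xAAAAAAAAAAAAAAAAULL));
    find_fixed("WORD", &re, &n);
    printf("via local int:   %llu\n", (unsigned long long)n);
    return 0;
}
```

On a little-endian host a variable that happened to be zero comes back as 3, which is how the defect stays hidden there; on a big-endian host the 3 lands in the upper half even then.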
--- Begin Message ---
Source: grok
Source-Version: 1.20110708.1-4.2
We believe that the bug you reported is fixed in the latest version of
grok, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
SZALAY Attila <[email protected]> (supplier of updated grok package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Wed, 09 Aug 2017 16:36:26 -0400
Source: grok
Binary: grok libgrok1 libgrok-dev grok-dbg
Architecture: source amd64
Version: 1.20110708.1-4.2
Distribution: unstable
Urgency: medium
Maintainer: Stig Sandbeck Mathisen <[email protected]>
Changed-By: SZALAY Attila <[email protected]>
Description:
grok - powerful pattern-matching and reacting tool
grok-dbg - debugging symbols for grok
libgrok-dev - development files for grok
libgrok1 - shared libraries for grok
Closes: 841668 869594
Changes:
grok (1.20110708.1-4.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply Steve Langasek's fix for wrong pointer alias bug
(Closes: #841668)
* Apply patches to allow build grok with gperf >= 3.1
(Closes: #869594)
--- End Message ---