Your message dated Wed, 31 Jan 2018 22:20:59 +0000
with message-id <[email protected]>
and subject line Bug#867641: fixed in gdbm 1.14.1-2
has caused the Debian Bug report #867641,
regarding gdbm: no fstat error checking and no large file support can crash on 32-bit systems
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
867641: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867641
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gdbm
Version: 1.8.3-14
Severity: important
Tags: lfs patch upstream
Dear Maintainer,
After upgrading to stretch, man-db was crashing randomly during package
upgrades. Sometimes it would instead report EOVERFLOW errors. Since I was
running it on i386 with a very large XFS filesystem, I suspected large file
support issues, since I've seen them before in other packages. It turns out
this was the case.
I built man-db from source and debugged it to confirm the issue was in gdbm.
I then built gdbm from source and was astonished to notice that the fstat()
calls it makes weren't even error-checked, which explained the random crashes
(it tries to allocate, read, etc. a random amount of data because the stat
structure contains garbage from the stack). This concerns me a bit, since
gdbm programs like man-db run as root with pretty arbitrary input so there
might even be an attack vector here.
I confirmed the code is compiled without _FILE_OFFSET_BITS=64, recompiled it
with that flag, and confirmed that the fstat() calls were working. Running
the man-db test suite with the fixed gdbm passed all tests (before it failed
on 4 tests on my system).
I've prepared a patch to gdbm that fixes the fstat() calls (this should
probably go upstream). I hacked in the -D_FILE_OFFSET_BITS=64 (I'm not an
autoconf expert) into Makefile.in; perhaps there's a better way.
I will attach the patch after the report is submitted.
-- System Information:
Debian Release: 9.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.9.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
--- gdbm-1.8.3.orig/Makefile.in 2017-07-08 01:39:16.000000000 -0300
+++ gdbm-1.8.3/Makefile.in 2017-07-08 01:23:35.352509271 -0300
@@ -26,7 +26,7 @@
# Where the system [n]dbm routines are...
LIBS = @LIBS@ -lc
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ -D_FILE_OFFSET_BITS=64
LDFLAGS = @LDFLAGS@
# Common prefix for installation directories
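Review bot: putting -D_FILE_OFFSET_BITS=64 straight into CFLAGS in Makefile.in hard-codes the define for every platform and silently drops it whenever someone overrides CFLAGS on the make command line, which the reporter already flags as a hack. The portable route is AC_SYS_LARGEFILE in configure.ac, which probes the host and emits the define into config.h, so every translation unit that includes config.h before any system header gets a 64-bit off_t and struct stat; that ordering requirement is the same one a CFLAGS define satisfies, and must hold for the fstat() calls in the other two hunks to see 64-bit st_size.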
--- gdbm-1.8.3.orig/gdbmopen.c 2017-07-08 01:39:16.000000000 -0300
+++ gdbm-1.8.3/gdbmopen.c 2017-07-08 01:50:27.809533680 -0300
@@ -152,7 +152,14 @@
}
/* Get the status of the file. */
- fstat (dbf->desc, &file_stat);
+ if (fstat (dbf->desc, &file_stat) == -1)
+ {
+ close (dbf->desc);
+ free (dbf->name);
+ free (dbf);
+ gdbm_errno = GDBM_FILE_OPEN_ERROR;
+ return NULL;
+ }
/* Lock the file in the approprate way. */
if ((flags & GDBM_OPENMASK) == GDBM_READER)
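Review bot: the four-line cleanup added here (close, free name, free dbf, set gdbm_errno) is repeated verbatim in the truncate hunk below; a single error label in gdbm_open that releases whatever has been acquired so far would keep the two copies from drifting apart as the function grows. Also, close() and free() may overwrite errno, so the EOVERFLOW that fstat() reported for this bug is lost before `return NULL;` and callers such as man-db only ever see GDBM_FILE_OPEN_ERROR; save errno before the cleanup and restore it before returning if callers are expected to inspect it.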
@@ -195,8 +202,14 @@
now time to truncate the file. */
if (need_trunc && file_stat.st_size != 0)
{
- TRUNCATE (dbf);
- fstat (dbf->desc, &file_stat);
+ if (TRUNCATE (dbf) == -1 || fstat (dbf->desc, &file_stat) == -1)
+ {
+ close (dbf->desc);
+ free (dbf->name);
+ free (dbf);
+ gdbm_errno = GDBM_FILE_OPEN_ERROR;
+ return NULL;
+ }
}
/* Decide if this is a new file or an old file. */
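Review bot: the new condition `if (TRUNCATE (dbf) == -1 || fstat (dbf->desc, &file_stat) == -1)` relies on TRUNCATE returning -1 on failure, but TRUNCATE is a macro whose expansion is not visible in this hunk; confirm that every variant it can expand to (an ftruncate call or a reopen with O_TRUNC) follows the -1 convention, otherwise a failed truncate still falls through to the fstat and the stale file_stat. The cleanup block is identical to the previous hunk; the comment there about factoring it out and preserving errno applies here too.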
--- gdbm-1.8.3.orig/gdbmreorg.c 2002-10-07 15:38:26.000000000 -0300
+++ gdbm-1.8.3/gdbmreorg.c 2017-07-08 01:09:33.791888611 -0300
@@ -111,7 +111,12 @@
new_name[len] = '#';
/* Get the mode for the old file and open the new database. */
- fstat (dbf->desc, &fileinfo);
+ if (fstat (dbf->desc, &fileinfo) == -1)
+ {
+ free (new_name);
+ gdbm_errno = GDBM_REORGANIZE_FAILED;
+ return -1;
+ }
new_dbf = gdbm_open (new_name, dbf->header->block_size, GDBM_WRCREAT,
fileinfo.st_mode, dbf->fatal_err);
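Review bot: with this check a reorganize on a file whose size does not fit a 32-bit off_t now fails cleanly with GDBM_REORGANIZE_FAILED instead of passing an uninitialised fileinfo.st_mode to gdbm_open, which is the right outcome, but it means the three hunks only make sense together: without the Makefile.in change this path merely turns a crash into a hard failure on large files. Freeing new_name matches its allocation above; check that the later failure path in this function (gdbm_open returning NULL for new_dbf) releases it the same way so the two error returns stay consistent.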
--- End Message ---
--- Begin Message ---
Source: gdbm
Source-Version: 1.14.1-2
We believe that the bug you reported is fixed in the latest version of
gdbm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <[email protected]> (supplier of updated gdbm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Wed, 31 Jan 2018 13:24:25 +0100
Source: gdbm
Binary: libgdbm5 gdbm-l10n libgdbm-dev gdbmtool libgdbm-compat4 libgdbm-compat-dev
Architecture: source
Version: 1.14.1-2
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Bogatov <[email protected]>
Changed-By: Gianfranco Costamagna <[email protected]>
Description:
gdbm-l10n - GNU dbm database routines (translation files)
gdbmtool - GNU dbm database routines (command line tools)
libgdbm-compat-dev - GNU dbm database routines (legacy support development files)
libgdbm-compat4 - GNU dbm database routines (legacy support runtime version)
libgdbm-dev - GNU dbm database routines (development files)
libgdbm5 - GNU dbm database routines (runtime version)
Closes: 867641
Launchpad-Bugs-Fixed: 1001189
Changes:
gdbm (1.14.1-2) unstable; urgency=medium
.
* Upload to unstable
(Closes: #867641, LP: #1001189)
* Refresh symbols
--- End Message ---