Your message dated Wed, 29 Sep 2021 17:51:09 +0000
with message-id <[email protected]>
and subject line Bug#994067: fixed in foremost 1.5.7-11
has caused the Debian Bug report #994067,
regarding foremost: undefined behavior if option -c <something> is used as last argument
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
994067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994067
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: foremost
Version: 1.5.7-9.1

Running "foremost -T -c something" results in undefined behavior.

First, it calls `fopen()` with NULL as pathname. Second, it uses argv[i] with i > argc. In my case, it tries to read files with pathnames as environment variables. See strace:

    $ strace --trace=openat foremost -T -c something
    ...
    openat(AT_FDCWD, "foremost", O_RDONLY) = -1 ENOENT (No such file or directory)
    openat(AT_FDCWD, "-T", O_RDONLY) = -1 ENOENT (No such file or directory)
    openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address)
    openat(AT_FDCWD, "SHELL=/bin/bash", O_RDONLY) = -1 ENOENT (No such file or directory)
    <several lines similar to above>
    ...

This is because the program doesn't check if "-c something" are the last arguments when skipping them at <main.c:274>

The following patch fixes it:

--- a/main.c +++ b/main.c @@ -272,6 +272,9 @@ { /*jump past the conf file so we don't process it.*/ argv+=2; + if (*argv == NULL) { + break; + } } testFile = fopen(*argv, "rb"); if (testFile)--- a/main.c +++ b/main.c @@ -272,6 +272,9 @@ { /*jump past the conf file so we don't process it.*/ argv+=2; + if (*argv == NULL) { + break; + } } testFile = fopen(*argv, "rb"); if (testFile)
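Review bot: the added `if (*argv == NULL)` test after `argv+=2;` is only safe when `-c` is followed by a value; if `-c` were itself the final element, `argv+=2` would already have stepped past the terminating NULL and the test would read beyond the array. Unless earlier option parsing guarantees that `-c` always carries an argument, check `argv[1]` before advancing. The `break` also depends on an enclosing loop that is not visible in this hunk, so a short comment saying why the walk ends here would help. The patch text appears twice in the message; only one copy should be applied.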
--- End Message ---
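The argument walk described in the report above, written as an added example (it is not foremost's code and not the submitted patch). The function name `collect_candidates` and the sample command lines are assumptions made for illustration; it goes slightly beyond the reported case by also handling `-c` with no value at all.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Walk a NULL-terminated argv and collect every entry that would be
 * tried as an input file, skipping "-c" together with its value.
 * Returns the number of entries stored in out (at most max). */
size_t collect_candidates(char **argv, const char **out, size_t max)
{
    size_t n = 0;

    while (*argv != NULL) {
        if (strcmp(*argv, "-c") == 0) {
            /* argv[argc] (the NULL terminator) is the last element
             * that may be read: step over the value only if present. */
            if (argv[1] == NULL)
                break;
            argv += 2;
            continue;   /* re-test the loop condition before any use */
        }
        if (n < max)
            out[n++] = *argv;
        argv++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: the command line from the report. */
    char *report[] = { "foremost", "-T", "-c", "something", NULL };
    const char *out[8];
    size_t n = collect_candidates(report, out, 8);

    for (size_t i = 0; i < n; i++)
        puts(out[i]);   /* entries that would reach fopen() */
    return 0;
}
```
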
--- Begin Message ---
Source: foremost
Source-Version: 1.5.7-11
Done: Raúl Benencia <[email protected]>

We believe that the bug you reported is fixed in the latest version of foremost, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raúl Benencia <[email protected]> (supplier of updated foremost package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Wed, 29 Sep 2021 08:29:52 -0700
Source: foremost
Binary: foremost foremost-dbgsym
Architecture: source amd64
Version: 1.5.7-11
Distribution: unstable
Urgency: medium
Maintainer: Raúl Benencia <[email protected]>
Changed-By: Raúl Benencia <[email protected]>
Description:
 foremost - forensic program to recover lost files
Closes: 994067
Changes:
 foremost (1.5.7-11) unstable; urgency=medium
 .
   * Rediff patches using gbp pq.
   * Fix -c undefined behavior. Thanks to the bug author for reporting
     the problem and sending the patch. (Closes: #994067)
--- End Message ---

