When downstream pays upstream's bills, upstream will be more responsive.
Until then, downstream can take a running jump & not leave snide remarks on
the bug tracker. :)


> -----Original Message-----
> From: Yann Aubert [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 16, 2005 9:33 AM
> To: Debian Bug Tracking System
> Subject: Bug#328682: Buffer overflow in libmondo-archive.c
>
>
> Package: mondo
> Version: 2.04-4
> Severity: normal
>
>
> I use mondoarchive, with a particularly long exclude list. The mount
> list of this server is particularly long. Mondoarchive fails with a
> Segmentation fault after boot disk creation.
>
> End of standard output :
> ------------------------
>
> Calling MINDI to create boot+data disks
> Your boot loader is LILO and it boots from /dev/sda
> //tmp.mondo.18086/tmp.mondo.15975
> Boot+data disks were created OK
> Done.
> Segmentation fault
>
> ##### end of trace ############
>
> valgrind detects a buffer overflow at line 702 in libmondo-archive.c.
>
>
> from libmondo-archive.c : line 698
> ----------------------------------
>
> malloc_string ( value );
> malloc_string ( bootdev );
>
>   strcpy( scratchdir, bkpinfo->scratchdir);
>   sprintf (tmp,
>            "echo \"%s\" | tr -s ' ' '\n' | grep -x \"/dev/.*\" | tr -s '\n' ' ' | awk '{print $0\"\\n\";}'",
>            bkpinfo->exclude_paths);
>   strcpy (devs_to_exclude, call_program_and_get_last_line_of_output (tmp));
>
> ##### code end ###################
>
> The result of sprintf isn't tested. No attempts to realloc tmp are made.
>
> Looking a bit in the code. It seems that there are plenty of such
> "constructs" in it. There are more than 1000 sprintf in mondo source
> code. It doesn't mean that they are all untested. But I think it
> would be better to look at it. I'm waiting for your feedback.
> Cleaning the seems to me to represent a big work, with another problem :
> upstream doesn't seem very responsive.
>
>
>
> -- Package-specific info:
> /var/log/mindi.log and /var/log/mondo-archive.log not included
> as per user request.
>
>
> =========================================================
> Fileystem information not included as per user request.
>
> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-686-smp
> Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
>
> Versions of packages mondo depends on:
> ii  afio                      2.5-3          archive file manipulation program
> ii  binutils                  2.15-6         The GNU assembler, linker and bina
> ii  buffer                    1.19-7         Buffering/reblocking program for t
> ii  cdrecord                  4:2.01+01a01-2 command line CD writing tool
> ii  dosfstools                2.11-2         Utilities to create and check MS-D
> ii  gawk                      1:3.1.4-2      GNU awk, a pattern scanning and pr
> ii  libc6                     2.3.2.ds1-22   GNU C Library: Shared libraries an
> ii  libnewt0.51               0.51.6-20      Not Erik's Windowing Toolkit - tex
> ii  lzop                      1.01-3         fast compression program
> ii  mindi                     1.04-4         creates boot/root disks based on y
>
> Versions of packages mindi depends on:
> ii  bzip2                     1.0.2-7        high-quality block-sorting file co
> ii  file                      4.12-1         Determines file type using "magic"
> ii  gawk                      1:3.1.4-2      GNU awk, a pattern scanning and pr
> ii  mindi-busybox             1.00-4         Collection of shell utilities in a
> ii  mindi-kernel              2.4.27-2       failsafe Linux kernel for Mindi/Mo
> ii  mindi-partimagehack       0.6.2-4        disk partition imaging utility for
> ii  mkisofs                   4:2.01+01a01-2 Creates ISO-9660 CD-ROM filesystem
> ii  ms-sys                    1.1.3-1        Write a Microsoft compatible boot
> ii  nano                      1.2.4-5        free Pico clone with some new feat
> ii  parted                    1.6.21-1       The GNU Parted disk partition resi
> ii  syslinux                  2.11-0.1       Bootloader for Linux/i386 using MS
>
> -- no debconf information
>
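
The report's observation that the sprintf into tmp is unbounded and unchecked, shown as an added C example (not mondo's code and not written by the reporter or the maintainer): the same format string built once into a fixed buffer with a truncation check, and once into a heap buffer sized from snprintf's return value. The function names, the 512-byte buffer size and the exclude list are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Format string as quoted in the report. */
#define EXCLUDE_FMT "echo \"%s\" | tr -s ' ' '\n' | grep -x \"/dev/.*\" | " \
                    "tr -s '\n' ' ' | awk '{print $0\"\\n\";}'"

/* Fixed buffer: 0 on success, -1 (and empty dst) if the command would not fit. */
int build_cmd_fixed(char *dst, size_t dstlen, const char *exclude_paths)
{
    int n = snprintf(dst, dstlen, EXCLUDE_FMT, exclude_paths);
    if (n < 0 || (size_t)n >= dstlen) {
        if (dstlen > 0) dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Heap buffer: measure first, then allocate exactly. Caller frees; NULL on error. */
char *build_cmd_alloc(const char *exclude_paths)
{
    int n = snprintf(NULL, 0, EXCLUDE_FMT, exclude_paths);
    if (n < 0) return NULL;
    char *cmd = malloc((size_t)n + 1);
    if (cmd != NULL) snprintf(cmd, (size_t)n + 1, EXCLUDE_FMT, exclude_paths);
    return cmd;
}

/* Constructed sample input: a long exclude list of made-up paths. */
char *make_exclude_list(size_t entries)
{
    const size_t per = sizeof "/mnt/export/vol000 " - 1;
    char *list = calloc(entries * per + 1, 1);
    if (list == NULL) return NULL;
    for (size_t i = 0; i < entries; i++)
        snprintf(list + i * per, per + 1, "/mnt/export/vol%03zu ", i % 1000);
    return list;
}

int main(void)
{
    char tmp[512];  /* assumed fixed buffer size */
    char *list = make_exclude_list(200);
    if (list == NULL) return 1;
    char *cmd = build_cmd_alloc(list);
    printf("fixed=%d alloc_len=%zu\n", build_cmd_fixed(tmp, sizeof tmp, list), cmd ? strlen(cmd) : 0);
    free(cmd); free(list);
    return 0;
}
```

The strcpy into devs_to_exclude that follows in the quoted excerpt needs the same length check against its destination.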


