Package: task-spooler
Version: 1.0-1
Severity: normal
Dear Maintainer,
When the environment variable TMPDIR is set to a certain length, invoking tsp
results in a buffer overflow that crashes the program. For instance:
$ echo $TMPDIR
/tmp/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
$ tsp echo hello
*** buffer overflow detected ***: terminated
Abandon (core dumped)
The backtrace shows that the problem arises when creating the string
/tmp/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/socket-ts.1000
which is copied into a buffer that is too small:
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f684ed84537 in __GI_abort () at abort.c:79
#2 0x00007f684eddd6c8 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f684eeebc28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007f684ee6c5b2 in __GI___fortify_fail (msg=msg@entry=0x7f684eeebbbe "buffer overflow detected") at fortify_fail.c:26
#4 0x00007f684ee6afb0 in __GI___chk_fail () at chk_fail.c:28
#5 0x00007f684ee6a8b2 in __strcpy_chk (dest=0x7fff211a9592 "", src=0x563601497500 "/tmp/", 'a' <repeats 88 times>, "/socket-ts.1000", destlen=108) at strcpy_chk.c:30
#6 0x00005635ff7c891a in ?? ()
#7 0x00005635ff7c8a42 in ?? ()
#8 0x00005635ff7c6ce1 in ?? ()
#9 0x00007f684ed85cca in __libc_start_main (main=0x5635ff7c6b60, argc=3, argv=0x7fff211a9818, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff211a9808) at ../csu/libc-start.c:308
#10 0x00005635ff7c735a in ?? ()
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.9.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages task-spooler depends on:
ii libc6 2.31-4
task-spooler recommends no packages.
task-spooler suggests no packages.
-- no debconf information
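
Added example, not part of the original report and not task-spooler's code: a length-checked way to build the socket path from frame #5 before copying it. It assumes the 108-byte destination (destlen=108) is the sun_path field of struct sockaddr_un on Linux; set_socket_path is a hypothetical helper name.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not task-spooler's code): build
 * "<tmpdir>/socket-ts.<uid>" and store it in addr->sun_path only if it
 * fits, terminating NUL included. Returns 0 on success, -1 with errno set
 * to ENAMETOOLONG when the path would not fit. */
int set_socket_path(struct sockaddr_un *addr, const char *tmpdir, unsigned uid)
{
    char path[4096];
    int n;

    if (tmpdir == NULL || *tmpdir == '\0')
        tmpdir = "/tmp";

    /* snprintf never writes past sizeof path and reports the full length. */
    n = snprintf(path, sizeof path, "%s/socket-ts.%u", tmpdir, uid);
    if (n < 0 || (size_t)n >= sizeof path ||
        (size_t)n >= sizeof addr->sun_path) {
        errno = ENAMETOOLONG;   /* refuse instead of truncating or overflowing */
        return -1;
    }

    memset(addr, 0, sizeof *addr);
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, (size_t)n + 1);
    return 0;
}

int main(void)
{
    /* Constructed input: "/tmp/" followed by 88 'a', as in the report.
     * The resulting path is 108 characters, 109 bytes with the NUL. */
    char tmpdir[128] = "/tmp/";
    struct sockaddr_un addr;

    memset(tmpdir + 5, 'a', 88);
    tmpdir[93] = '\0';
    if (set_socket_path(&addr, tmpdir, 1000) != 0)
        perror("socket path rejected");
    if (set_socket_path(&addr, "/tmp", 1000) == 0)
        printf("ok: %s\n", addr.sun_path);
    return 0;
}
```

With the TMPDIR from the report the path is exactly one byte too long for a 108-byte buffer, so the helper returns an error where the unchecked copy aborted under _FORTIFY_SOURCE.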