Package: libax25
Version: 0.0.12-rc5+git20190411+b17ff36-3.1
Severity: important
Tags: patch

Dear Maintainer,

I ran into a problem with kissattach, but the buffer overflow was actually happening in libax25:

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x76e69230 in __GI_abort () at abort.c:79
#2  0x76eb951c in __libc_message (action=<optimized out>, fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:181
#3  0x76f3b6fc in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=true, msg=0x76f824d8 "buffer overflow detected") at fortify_fail.c:28
#4  0x76f3b748 in __GI___fortify_fail (msg=<optimized out>) at fortify_fail.c:44
#5  0x76f395c8 in __GI___chk_fail () at chk_fail.c:28
#6  0x76f38a60 in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at vsprintf_chk.c:31
#7  0x76ebdd04 in __GI__IO_default_xsputn (n=<optimized out>, data=<optimized out>, f=<optimized out>) at libioP.h:839
#8  __GI__IO_default_xsputn (f=0x7efff400, data=<optimized out>, n=55) at genops.c:370
#9  0x76e93800 in _IO_vfprintf_internal (s=s@entry=0x7efff400, format=format@entry=0x76fa7180 +"%s/LCK..%s", ap=..., ap@entry=...) at ../libio/libioP.h:839
#10 0x76f38b00 in ___vsprintf_chk (s=s@entry=0x7efff500 +"/var/lock/LCK..usb-Coastal_ChipWorks_TNC-X_by_W2F", flags=flags@entry=1, slen=slen@entry=50, format=0x76fa7180 "%s/LCK..%s", format@entry=0xf571100 <error: Cannot access memory at address 0xf571100>, args=..., args@entry=...) at vsprintf_chk.c:83
#11 0x76f38a2c in ___sprintf_chk (s=s@entry=0x7efff500 +"/var/lock/LCK..usb-Coastal_ChipWorks_TNC-X_by_W2F", flags=flags@entry=1, slen=slen@entry=50, format=0x76fa7180 "%s/LCK..%s") at sprintf_chk.c:31
#12 0x76fa672c in sprintf (__fmt=0x76fa7180 "%s/LCK..%s", __s=0x7efff500 "/var/lock/LCK..usb-Coastal_ChipWorks_TNC-X_by_W2F") at /usr/include/arm-linux-gnueabihf/bits/stdio2.h:36
#13 tty_is_locked (tty=tty@entry=0x7efff882 "/dev/serial/by-id/usb-Coastal_ChipWorks_TNC-X_by_W2FS_FT3PPKKT-if00-port0") at ttyutils.c:112
#14 0x000112b8 in main (argc=3, argv=<optimized out>) at kissattach.c:294

Ran into it in Raspbian, Debian buster, and in the latest package in testing...

Upstream has fixed it here:
http://git.linux-ax25.org/cgit/libax25.git/patch/?id=f7e4a620aaa061bca62c2cef7dd508157e482c68

I added the patch locally and tested the fix here, and it seems to work.

-- System Information:
Debian Release: 10.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libax25 depends on:
ii  libc6   2.28-10
ii  zlib1g  1:1.2.11.dfsg-1

libax25 recommends no packages.

libax25 suggests no packages.

-- Configuration Files:
/etc/ax25/axports changed:
1 K6FSM-5 1200 255 2 2m radio

-- no debconf information
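
Added example (not part of the original report, and not the libax25 source or the upstream patch): a bounded way to build the "%s/LCK..%s" lock path from frames #12 and #13, rejecting a device name that does not fit instead of overflowing the 50-byte destination. build_lock_path and LOCK_BUF_LEN are hypothetical names; using the tty's basename as the lock name is inferred from the strings in the backtrace.

```c
#include <stdio.h>
#include <string.h>

#define LOCK_BUF_LEN 50   /* destination size reported as slen=50 in the backtrace */

/*
 * Hypothetical helper (not libax25's tty_is_locked): format "<dir>/LCK..<name>"
 * into out[outlen]. Returns 0 on success, -1 if the result would not fit.
 */
static int build_lock_path(char *out, size_t outlen,
                           const char *lockdir, const char *tty)
{
    const char *name = strrchr(tty, '/');   /* lock name is the tty's basename */
    int n;

    name = name ? name + 1 : tty;
    if (outlen == 0 || *name == '\0')
        return -1;

    /* snprintf writes at most outlen bytes and returns the length the full
     * string would have had, so truncation can be detected and refused. */
    n = snprintf(out, outlen, "%s/LCK..%s", lockdir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';                      /* never hand back a partial path */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Device path taken from the report, plus a short constructed one. */
    const char *long_tty =
        "/dev/serial/by-id/usb-Coastal_ChipWorks_TNC-X_by_W2FS_FT3PPKKT-if00-port0";
    const char *short_tty = "/dev/ttyUSB0";
    char small[LOCK_BUF_LEN], big[4096];
    int rc;

    rc = build_lock_path(small, sizeof(small), "/var/lock", long_tty);
    printf("50-byte buffer, by-id path: rc=%d\n", rc);
    rc = build_lock_path(small, sizeof(small), "/var/lock", short_tty);
    printf("50-byte buffer, ttyUSB0:    rc=%d path=%s\n", rc, small);
    rc = build_lock_path(big, sizeof(big), "/var/lock", long_tty);
    printf("4096-byte buffer, by-id:    rc=%d path=%s\n", rc, big);
    return 0;
}
```

The by-id basename is 55 characters (the n=55 in frame #8), so the full lock path needs 71 bytes including the terminator, which is why the 50-byte buffer trips the fortify check.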