*** This bug is a security vulnerability ***

Public security bug reported:

When using commoncpp2 on 64 bit systems (as SFLphone does), if gethostbyname fails, libcommoncpp2 will cause a buffer overflow by doing an incorrect memset. The memset in the buggy version is called using sizeof(ipaddr), where ipaddr is a pointer. What is intended is sizeof(struct inaddr), the type to which ipaddr points. The reason this bug only manifests itself on 64 bit systems is that sizeof(pointer) > sizeof(struct inaddr), whereas on 32 bit systems they are equal.

This has since been corrected upstream in commoncpp, but the bug remains in the libcommoncpp2 package. This affects SFLphone and any other application which depends on commoncpp.

This was previously reported to Debian:
http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/2012-November/022478.html

** Affects: libcommoncpp2 (Ubuntu)
   Importance: Undecided
   Status: New

** Patch added: "patch with corrected memset call"
   https://bugs.launchpad.net/bugs/1176058/+attachment/3663932/+files/inaddr.patch

** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/1176058

Title: crash from invalid memset
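
Added example (not part of the original report and not commoncpp's code): the sizeof-of-pointer length described in the report next to the sizeof-of-pointee length, measured against guard bytes placed directly after a POSIX `struct in_addr`. The names `slot`, `len_buggy`, `len_fixed` and `guard_bytes_clobbered` are hypothetical, and the memset stays inside one enclosing object so the demonstration itself is well defined.

```c
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0xA5

/* One address followed by guard bytes that stand in for whatever
 * memory happens to sit after the real allocation (constructed layout). */
struct slot {
    struct in_addr addr;
    unsigned char guard[sizeof(void *)];
};

/* Length as in the report: sizeof applied to the pointer variable. */
static size_t len_buggy(struct in_addr *ipaddr)
{
    return sizeof(ipaddr);      /* pointer size: 8 on LP64, 4 on ILP32 */
}

/* Corrected length: sizeof applied to the object pointed to. */
static size_t len_fixed(struct in_addr *ipaddr)
{
    return sizeof(*ipaddr);     /* sizeof(struct in_addr), operand not evaluated */
}

/* Zero the address with the given length rule and count how many
 * guard bytes past the address were overwritten. */
static size_t guard_bytes_clobbered(size_t (*len)(struct in_addr *))
{
    struct slot s;
    size_t i, hit = 0;

    memset(&s, GUARD, sizeof s);
    memset(&s, 0, len(&s.addr));    /* never exceeds sizeof s */
    for (i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != GUARD)
            hit++;
    return hit;
}

int main(void)
{
    printf("sizeof(pointer)=%zu sizeof(struct in_addr)=%zu\n",
           sizeof(void *), sizeof(struct in_addr));
    printf("bytes written past the address, buggy length: %zu\n",
           guard_bytes_clobbered(len_buggy));
    printf("bytes written past the address, fixed length: %zu\n",
           guard_bytes_clobbered(len_fixed));
    return 0;
}
```

GCC and Clang can flag this pattern at compile time with `-Wsizeof-pointer-memaccess`.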