Hello, that bug is fixed by the author of strace. Please check commit v4.9-356-g1dbd39e in the main strace repository.

> On 2015. 4. 28., at 11:41 PM, Launchpad Bug Tracker <1426...@bugs.launchpad.net> wrote:
>
> Status changed to 'Confirmed' because the bug affects multiple users.
>
> ** Changed in: strace (Ubuntu)
>        Status: New => Confirmed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1426635
>
> Title:
>   strace stack buffer overflow
>
> Status in strace package in Ubuntu:
>   Confirmed
>
> Bug description:
>
>   Tested Version : strace-4.9 (from strace sourceforge), strace-4.8 (apt-get install strace)
>   Environment : Ubuntu 14.04.1 LTS x86_64
>   Details:
>
>   stack buffer overflow in startup_child() strace.c
>
>   Input length check could be bypassed using long string without having '/' character.
>   So, the strcpy() function in PATH concat processing code starts to overwrite stack data.
>
>
>   -------------- TEST PAYLOAD
>
>   abc@ubuntu:~$ ./strace `perl -e 'print "a"x5042'`
>   Segmentation fault
>
>   -------------- Backtrace with debugging symbol
>
>   (gdb) r `perl -e 'print "a"x5042'`
>
>   Starting program: /home/abc/strace-4.9/strace `perl -e 'print "a"x5042'`
>
>
>   Program received signal SIGSEGV, Segmentation fault.
>
>   __GI_getenv (name=0x7fe3b8107b5b "NGUAGE", name@entry=0x7fe3b8107b59 "LANGUAGE") at getenv.c:85
>   85 getenv.c: No such file or directory.
>
>   (gdb) bt
>
>   #0 __GI_getenv (name=0x7fe3b8107b5b "NGUAGE", name@entry=0x7fe3b8107b59 "LANGUAGE") at getenv.c:85
>   #1 0x00007fe3b7fbc681 in guess_category_value (categoryname=0x7fe3b80f16b3 <_nl_category_names+51> "LC_MESSAGES", category=5)
>       at dcigettext.c:1372
>   #2 __dcigettext (domainname=0x7fe3b8107a99 <_libc_intl_domainname> "libc", msgid1=0x7fe3b81081ac "File name too long",
>       msgid2=msgid2@entry=0x0, plural=plural@entry=0, n=n@entry=0, category=category@entry=5) at dcigettext.c:573
>   #3 0x00007fe3b7fbb5df in __GI___dcgettext (domainname=<optimized out>, msgid=<optimized out>, category=category@entry=5)
>       at dcgettext.c:52
>   #4 0x00007fe3b801398e in __GI___strerror_r (errnum=errnum@entry=36, buf=buf@entry=0x0, buflen=buflen@entry=0) at _strerror.c:71
>   #5 0x00007fe3b80138cf in strerror (errnum=errnum@entry=36) at strerror.c:32
>   #6 0x000000000041230f in verror_msg (err_no=36, fmt=fmt@entry=0x4273da "Can't stat '%s'", p=p@entry=0x7fff6b28dbf8) at strace.c:277
>   #7 0x000000000041315a in perror_msg_and_die (fmt=fmt@entry=0x4273da "Can't stat '%s'") at strace.c:323
>   #8 0x000000000041371e in startup_child (argv=0x7fff6b28f160) at strace.c:1220
>   #9 0x6161616161616161 in ?? ()
>   #10 0x6161616161616161 in ?? ()
>   #11 0x6161616161616161 in ?? ()
>   #12 0x6161616161616161 in ?? ()
>   #13 0x6161616161616161 in ?? ()
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/strace/+bug/1426635/+subscriptions

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1426635
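
The report quoted above says the input length check could be bypassed by a long name with no '/', after which strcpy() in the PATH concatenation overwrote the stack. The following is an added example, not strace's code and not the referenced commit: a PATH lookup in C that length-checks every candidate before writing it. resolve_in_path(), join_checked(), the 4096-byte buffer and the sample PATH strings are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Build "<dir>/<name>" in out; fail rather than truncate or overflow. */
static int join_checked(char *out, size_t outsz, const char *dir,
                        size_t dirlen, const char *name)
{
    if (dirlen == 0) { dir = "."; dirlen = 1; }  /* empty entry = cwd */
    if (dirlen > INT_MAX) { errno = ENAMETOOLONG; return -1; }
    int n = snprintf(out, outsz, "%.*s/%s", (int)dirlen, dir, name);
    if (n < 0 || (size_t)n >= outsz) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

/* Hypothetical helper: look name up in a PATH-style list.
 * Returns 0 with the result in out, or -1 with errno set. */
int resolve_in_path(const char *name, const char *path, char *out, size_t outsz)
{
    int too_long = 0;
    while (path && *path) {
        size_t n = strcspn(path, ":");      /* length of this PATH entry */
        if (join_checked(out, outsz, path, n, name) < 0)
            too_long = 1;                   /* skip entry, remember why */
        else if (access(out, X_OK) == 0)
            return 0;
        path += n;
        if (*path == ':') path++;
    }
    out[0] = '\0';
    errno = too_long ? ENAMETOOLONG : ENOENT;
    return -1;
}

/* Constructed input mirroring the report: 5042 'a' bytes, no '/'. */
int demo_long_name(void)
{
    char name[5043] = {0}, out[4096];       /* buffer size is an assumption */
    memset(name, 'a', sizeof name - 1);
    return resolve_in_path(name, "/usr/bin:/bin", out, sizeof out) == 0 ? 0 : errno;
}

int main(void)
{
    printf("5042-byte name -> %s\n", strerror(demo_long_name()));
    return 0;
}
```

With the check applied to every joined candidate, the 5042-byte argument is rejected with ENAMETOOLONG (errno 36, the same "File name too long" value visible in the backtrace) instead of being copied.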