Debian Bug report logs - #517597
vde2: slirpvde buffer overflow

version graph

Package: vde2; Maintainer for vde2 is Debian VSquare Team <virtualsquare@cs.unibo.it>; Source for vde2 is src:vde2 (PTS, buildd, popcon).

Reported by: Andreas Wenning <awen@awen.dk>

Date: Sat, 28 Feb 2009 20:03:10 UTC

Severity: normal

Tags: patch

Found in version vde2/2.2.2-3

Done: Ludovico Gardenghi <garden@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian VSquare Team <pkg-vsquare-devel@lists.alioth.debian.org>:
Bug#517597; Package vde2. (Sat, 28 Feb 2009 20:03:12 GMT) (full text, mbox, link).

Acknowledgement sent to Andreas Wenning <awen@awen.dk>:
New Bug report received and forwarded. Copy sent to Debian VSquare Team <pkg-vsquare-devel@lists.alioth.debian.org>. (Sat, 28 Feb 2009 20:03:12 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Andreas Wenning <awen@awen.dk>
To: submit@bugs.debian.org
Subject: vde2: slirpvde buffer overflow
Date: Sat, 28 Feb 2009 21:02:34 +0100
[Message part 1 (text/plain, inline)]
Subject: vde2: slirpvde buffer overflow                          
Package: vde2                                                    
Version: 2.2.2-3                                                 
Severity: normal                                                 
Tags: patch                                                      

slirpvde buffer overflow; fixed in upstream svn rev 329

A patch of that revision is attached for your convenience.

Without it starting slirpvde (at least on amd64) results in:
$ slirpvde -s /tmp/switch1                                  
 *** buffer overflow detected ***: slirpvde terminated      
 ======= Backtrace: =========                               
 /lib/libc.so.6(__fortify_fail+0x37)[0x7fc64b9af887]        
 /lib/libc.so.6[0x7fc64b9ad750]                             
 /lib/libc.so.6[0x7fc64b9adde7]                             
 slirpvde[0x40b3c4]                                         
 /lib/libc.so.6(__libc_start_main+0xe6)[0x7fc64b8ce466]     
 slirpvde[0x401ca9]                                         
 ======= Memory map: ========                               
 00400000-0040f000 r-xp 00000000 08:03 3944288 /usr/bin/slirpvde
 0060e000-0060f000 r--p 0000e000 08:03 3944288 /usr/bin/slirpvde
 0060f000-00610000 rw-p 0000f000 08:03 3944288 /usr/bin/slirpvde
 00610000-00611000 rw-p 00610000 00:00 0                        
 01fbd000-01fde000 rw-p 01fbd000 00:00 0 [heap]                 
 7fc64b698000-7fc64b6ae000 r-xp 00000000 08:03 10960944 /lib/libgcc_s.so.1
 7fc64b6ae000-7fc64b8ae000 ---p 00016000 08:03 10960944 /lib/libgcc_s.so.1
 7fc64b8ae000-7fc64b8af000 r--p 00016000 08:03 10960944 /lib/libgcc_s.so.1
 7fc64b8af000-7fc64b8b0000 rw-p 00017000 08:03 10960944 /lib/libgcc_s.so.1
 7fc64b8b0000-7fc64ba19000 r-xp 00000000 08:03 10961157 /lib/libc-2.8.90.so
 7fc64ba19000-7fc64bc18000 ---p 00169000 08:03 10961157 /lib/libc-2.8.90.so
 7fc64bc18000-7fc64bc1c000 r--p 00168000 08:03 10961157 /lib/libc-2.8.90.so
 7fc64bc1c000-7fc64bc1d000 rw-p 0016c000 08:03 10961157 /lib/libc-2.8.90.so
 7fc64bc1d000-7fc64bc22000 rw-p 7fc64bc1d000 00:00 0                       
 7fc64bc22000-7fc64bc24000 r-xp 00000000 08:03 10961160 /lib/libdl-2.8.90.so
 7fc64bc24000-7fc64be24000 ---p 00002000 08:03 10961160 /lib/libdl-2.8.90.so
 7fc64be24000-7fc64be25000 r--p 00002000 08:03 10961160 /lib/libdl-2.8.90.so
 7fc64be25000-7fc64be26000 rw-p 00003000 08:03 10961160 /lib/libdl-2.8.90.so
 7fc64be26000-7fc64be2a000 r-xp 00000000 08:03 3943265 
/usr/lib/libvdeplug.so.2.1.0
 7fc64be2a000-7fc64c029000 ---p 00004000 08:03 3943265 
/usr/lib/libvdeplug.so.2.1.0
 7fc64c029000-7fc64c02a000 r--p 00003000 08:03 3943265 
/usr/lib/libvdeplug.so.2.1.0
 7fc64c02a000-7fc64c02b000 rw-p 00004000 08:03 3943265 
/usr/lib/libvdeplug.so.2.1.0
 7fc64c02b000-7fc64c04a000 r-xp 00000000 08:03 10960957 /lib/ld-2.8.90.so          
 7fc64c22c000-7fc64c22e000 rw-p 7fc64c22c000 00:00 0                               
 7fc64c246000-7fc64c249000 rw-p 7fc64c246000 00:00 0                               
 7fc64c249000-7fc64c24a000 r--p 0001e000 08:03 10960957 /lib/ld-2.8.90.so          
 7fc64c24a000-7fc64c24b000 rw-p 0001f000 08:03 10960957 /lib/ld-2.8.90.so          
 7fff54235000-7fff5424a000 rw-p 7ffffffea000 00:00 0 [stack]                       
 7fff543fe000-7fff543ff000 r-xp 7fff543fe000 00:00 0 [vdso]
 ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
 Abandon

-- System Information:
Debian Release: lenny/sid
  APT prefers intrepid-updates
  APT policy: (500, 'intrepid-updates'), (500, 'intrepid-security'), (500, 
'intrepid-backports'), (500, 'intrepid'), (400, 'intrepid-proposed')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-11-generic (SMP w/1 CPU core)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vde2 depends on:
ii  adduser            3.108ubuntu1          add and remove users and groups
ii  libc6              2.8~20080505-0ubuntu9 GNU C Library: Shared libraries
ii  libpcap0.8         0.9.8-5               system interface for user-level 
pa
ii  libvdemgmt0        2.2.2-3               Virtual Distributed Ethernet - 
Man
ii  libvdeplug2        2.2.2-3               Virtual Distributed Ethernet - 
Plu

vde2 recommends no packages.

-- no debconf information

[fix_slirpvde_buffer_overflow.patch (text/x-patch, attachment)]

Reply sent to Ludovico Gardenghi <garden@debian.org>:
You have taken responsibility. (Mon, 07 Sep 2009 21:36:03 GMT) (full text, mbox, link).

Notification sent to Andreas Wenning <awen@awen.dk>:
Bug acknowledged by developer. (Mon, 07 Sep 2009 21:36:03 GMT) (full text, mbox, link).

Message #10 received at 517597-done@bugs.debian.org (full text, mbox, reply):

From: Ludovico Gardenghi <garden@debian.org>
To: Andreas Wenning <awen@awen.dk>, 517597-done@bugs.debian.org
Subject: Re: [Pkg-vsquare-devel] Bug#517597: vde2: slirpvde buffer overflow
Date: Mon, 7 Sep 2009 23:33:28 +0200
On Sat, Feb 28, 2009 at 21:02:34 +0100, Andreas Wenning wrote:

> slirpvde buffer overflow; fixed in upstream svn rev 329
> A patch of that revision is attached for your convenience.

Although we forgot to mention it in the changelog, this bug has been
solved since vde2-2.2.3-1.

Thank you for your patch anyway, and excuse us for the delayed release.

Ludovico
-- 
<garden@acheronte.it>        #acheronte (irc.freenode.net) ICQ: 64483080
GPG ID: 07F89BB8          Jabber: gardengl@gmail.com Yahoo: gardenghelle
-- This is signature nr. 5180

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 06 Oct 2009 07:40:39 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 04:09:34 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.