Debian Bug report logs - #635370
busybox: integer overflow in expression on big endian

Package: busybox; Maintainer for busybox is Debian Install System Team <debian-boot@lists.debian.org>; Source for busybox is src:busybox.

Reported by: Thorsten Glaser <tg@mirbsd.de>

Date: Mon, 25 Jul 2011 15:18:06 UTC

Severity: wishlist

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.busybox.net/show_bug.cgi?id=4405



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#635370; Package src:busybox. (Mon, 25 Jul 2011 15:18:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>:
New Bug report received and forwarded. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Mon, 25 Jul 2011 15:18:10 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Thorsten Glaser <tg@mirbsd.de>
To: submit@bugs.debian.org
Subject: busybox: integer overflow in expression on big endian
Date: Mon, 25 Jul 2011 15:15:57 +0000 (UTC)
Source: busybox
Version: 1.18.5-1
Priority: wishlist

include/archive.h:17: warning: integer overflow in expression

Only shown on big endian architectures. Probably best to replace
     17         XZ_MAGIC1a  = ((0xfd * 256 + '7') * 256 + 'z') * 256 + 'X',
with XZ_MAGIC1a = 0xFD377A58UL directly instead.

The little endian case is probably fine because 0xFD has bit7 on, 'X' off.




Set Bug forwarded-to-address to 'https://bugs.busybox.net/show_bug.cgi?id=4405'. Request was from Michael Tokarev <mjt@tls.msk.ru> to control@bugs.debian.org. (Sun, 30 Oct 2011 15:57:07 GMT) Full text and rfc822 format available.

Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Sun, 30 Oct 2011 18:51:04 GMT) Full text and rfc822 format available.

Notification sent to Thorsten Glaser <tg@mirbsd.de>:
Bug acknowledged by developer. (Sun, 30 Oct 2011 18:51:04 GMT) Full text and rfc822 format available.

Message #12 received at 635370-close@bugs.debian.org (full text, mbox):

From: Michael Tokarev <mjt@tls.msk.ru>
To: 635370-close@bugs.debian.org
Subject: Bug#635370: fixed in busybox 1:1.19.3-1
Date: Sun, 30 Oct 2011 18:47:17 +0000
Source: busybox
Source-Version: 1:1.19.3-1

We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive:

busybox-static_1.19.3-1_i386.deb
  to main/b/busybox/busybox-static_1.19.3-1_i386.deb
busybox-syslogd_1.19.3-1_all.deb
  to main/b/busybox/busybox-syslogd_1.19.3-1_all.deb
busybox-udeb_1.19.3-1_i386.udeb
  to main/b/busybox/busybox-udeb_1.19.3-1_i386.udeb
busybox_1.19.3-1.debian.tar.gz
  to main/b/busybox/busybox_1.19.3-1.debian.tar.gz
busybox_1.19.3-1.dsc
  to main/b/busybox/busybox_1.19.3-1.dsc
busybox_1.19.3-1_i386.deb
  to main/b/busybox/busybox_1.19.3-1_i386.deb
busybox_1.19.3.orig.tar.bz2
  to main/b/busybox/busybox_1.19.3.orig.tar.bz2
udhcpc_1.19.3-1_all.deb
  to main/b/busybox/udhcpc_1.19.3-1_all.deb
udhcpd_1.19.3-1_all.deb
  to main/b/busybox/udhcpd_1.19.3-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635370@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated busybox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sun, 30 Oct 2011 21:55:22 +0400
Source: busybox
Binary: busybox busybox-static busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source all i386
Version: 1:1.19.3-1
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 busybox    - Tiny utilities for small and embedded systems
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Closes: 635370
Changes: 
 busybox (1:1.19.3-1) unstable; urgency=low
 .
   * another iteration around PLATFORM_LINUX change.
     Do not remove PLATFORM_LINUX in arch-specific configs,
     since it does not hide linux-specific options anyway.
     This should finally fix FTBFS on kfreebsd, and it
     makes config files exactly the same as they appear
     on linux platform.
   * add another patch (sent upstream) to mark modinfo
     selecting CONFIG_LINUX as all other linux-specific
     options.  Another FTBFS on kfreebsd and hurd
   * add a patch (and sent upstream) to use CBAUD definition
     conditionally in (rewritten in 0.19) getty.c - hurd does
     not have this #define.  FTBFS on hurd.
   * updated to upstream 1.19.3 (minor bugfix) release,
     removing all patches taken from upstream
   * static-math-overflow-on-big-endian.patch (sent upstream),
     to fix integer overflow in header on big-endian platform
     (closes: #635370)





Bug No longer marked as fixed in versions busybox/1:1.19.3-1 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 20 Nov 2011 12:15:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#635370; Package src:busybox. (Sun, 20 Nov 2011 12:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Sun, 20 Nov 2011 12:18:06 GMT) Full text and rfc822 format available.

Message #19 received at 635370@bugs.debian.org (full text, mbox):

From: Michael Tokarev <mjt@tls.msk.ru>
To: 635370@bugs.debian.org
Subject: Re: Bug #635370: busybox: integer overflow in expression on big endian
Date: Sun, 20 Nov 2011 16:11:50 +0400
reopen 635370
thanks

For the fun out of it all.  The original code, even if
gcc produced a warning, worked correctly.  Several attempts
to silence this warning produced worse or incorrect _code_.
I'm reverting the "fix" and marking this bug as not fixed.

The issue here is that enums in C are signed.  So once you
set the most significant bit to 1 the result gets promoted
to larger size (64-bit in this case).  So further arithmetic with
this constant was done in 64 bits instead of 32 bits.

Thanks,

/mjt
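As an added illustration, not code from busybox or from either poster, of the overflow discussed in the original report and in the reply above: the leading byte 0xFD sets bit 31, so the int-typed initializer exceeds INT_MAX, and standard C additionally requires every enumerator's value to be representable as an int. The block computes the same constant in unsigned arithmetic, widens the expression to 64 bits to show the excess, and checks the magic against constructed header bytes in an endian-independent way; the function names, XZ_MAGIC1a_U, and the sample_xz / sample_gzip inputs are my own constructions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* xz stream header per the xz file format spec:
 * the six bytes 0xFD '7' 'z' 'X' 'Z' 0x00. */

/* First four magic bytes as one 32-bit word.  The unsigned literal
 * (0xfdU) keeps the whole expression in unsigned arithmetic, so the
 * high bit of 0xFD never constitutes signed overflow.  Equals 0xFD377A58. */
#define XZ_MAGIC1a_U (((0xfdU * 256 + '7') * 256 + 'z') * 256 + 'X')

/* Same expression widened to 64 bits so the value can be inspected:
 * it is larger than INT32_MAX, which is why an int-typed enum
 * initializer building it makes gcc warn on big-endian builds. */
int xz_magic_exceeds_int(void) {
    int64_t v = ((INT64_C(0xfd) * 256 + '7') * 256 + 'z') * 256 + 'X';
    return v > INT32_MAX;
}

/* Assemble 4 bytes in big-endian order by hand.  This yields the same
 * word on any host endianness and never performs an unaligned load. */
uint32_t load_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Return 1 if buf starts with the complete 6-byte xz header magic. */
int is_xz_magic(const unsigned char *buf, size_t len) {
    if (len < 6)                      /* never read past the caller's buffer */
        return 0;
    return load_be32(buf) == XZ_MAGIC1a_U && buf[4] == 'Z' && buf[5] == 0x00;
}

/* Constructed sample inputs (not taken from any real archive). */
const unsigned char sample_xz[6]   = { 0xfd, '7', 'z', 'X', 'Z', 0x00 };
const unsigned char sample_gzip[6] = { 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00 };

int main(void) {
    printf("XZ_MAGIC1a_U = 0x%08X\n", XZ_MAGIC1a_U);
    printf("exceeds INT32_MAX: %d\n", xz_magic_exceeds_int());
    printf("xz sample: %d, gzip sample: %d\n",
           is_xz_magic(sample_xz, sizeof sample_xz),
           is_xz_magic(sample_gzip, sizeof sample_gzip));
    return 0;
}
```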




Information stored :
Bug#635370; Package src:busybox. (Tue, 22 Nov 2011 22:00:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>:
Extra info received and filed, but not forwarded. (Tue, 22 Nov 2011 22:00:08 GMT) Full text and rfc822 format available.

Message #24 received at 635370-quiet@bugs.debian.org (full text, mbox):

From: Thorsten Glaser <tg@mirbsd.de>
To: 635370-quiet@bugs.debian.org
Subject: reopened by busybox (1:1.19.3-3) unstable
Date: Tue, 22 Nov 2011 21:53:49 +0000 (UTC)
Just a note for others who might be reading this:

I talked to Michael on IRC, and it appears that more digging
is indeed required. We’ll do so and talk to upstream about it.

bye,
//mirabilos
-- 
  “Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool.”
						-- Edward Burr




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Tue, 12 Jun 2012 11:06:03 GMT) Full text and rfc822 format available.

Notification sent to Thorsten Glaser <tg@mirbsd.de>:
Bug acknowledged by developer. (Tue, 12 Jun 2012 11:06:07 GMT) Full text and rfc822 format available.

Message #29 received at 635370-close@bugs.debian.org (full text, mbox):

From: Michael Tokarev <mjt@tls.msk.ru>
To: 635370-close@bugs.debian.org
Subject: Bug#635370: fixed in busybox 1:1.20.0-3
Date: Tue, 12 Jun 2012 11:02:26 +0000
Source: busybox
Source-Version: 1:1.20.0-3

We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive:

busybox-static_1.20.0-3_i386.deb
  to main/b/busybox/busybox-static_1.20.0-3_i386.deb
busybox-syslogd_1.20.0-3_all.deb
  to main/b/busybox/busybox-syslogd_1.20.0-3_all.deb
busybox-udeb_1.20.0-3_i386.udeb
  to main/b/busybox/busybox-udeb_1.20.0-3_i386.udeb
busybox_1.20.0-3.debian.tar.gz
  to main/b/busybox/busybox_1.20.0-3.debian.tar.gz
busybox_1.20.0-3.dsc
  to main/b/busybox/busybox_1.20.0-3.dsc
busybox_1.20.0-3_i386.deb
  to main/b/busybox/busybox_1.20.0-3_i386.deb
udhcpc_1.20.0-3_i386.deb
  to main/b/busybox/udhcpc_1.20.0-3_i386.deb
udhcpd_1.20.0-3_i386.deb
  to main/b/busybox/udhcpd_1.20.0-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635370@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated busybox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sat, 02 Jun 2012 14:54:04 +0400
Source: busybox
Binary: busybox busybox-static busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source all i386
Version: 1:1.20.0-3
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 busybox    - Tiny utilities for small and embedded systems
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Closes: 635370 635548
Changes: 
 busybox (1:1.20.0-3) unstable; urgency=low
 .
   * 1.20 had a few fixes which I forgot to mention:
     - integer overflow in expression on big endian (Closes: #635370)
       (I dislike the fix since it makes use of 64bit integers
       instead of using unsigned 32bit, but this is how upstream
       fixed it)
     - CVE-2011-2716 udhcpc insufficient checking of DHCP options (Closes: #635548)
       busybox dhcpd now replaces values of HOST_NAME, DOMAIN_NAME,
       NIS_DOMAIN, TFTP_SERVER_NAME with the literal string "bad"
       if these contains any bad characters.
   * applied stable patches from upstream (ash, man, ifupdown, tar)





Bug reassigned from package 'src:busybox' to 'busybox'. Request was from mjt@tls.msk.ru (Michael Tokarev) to control@bugs.debian.org. (Sat, 11 Aug 2012 19:12:05 GMT) Full text and rfc822 format available.

No longer marked as found in versions busybox/1.18.5-1. Request was from mjt@tls.msk.ru (Michael Tokarev) to control@bugs.debian.org. (Sat, 11 Aug 2012 19:12:05 GMT) Full text and rfc822 format available.

No longer marked as fixed in versions busybox/1:1.20.0-3. Request was from mjt@tls.msk.ru (Michael Tokarev) to control@bugs.debian.org. (Sat, 11 Aug 2012 19:12:06 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 09 Sep 2012 07:27:18 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 08:26:52 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.