Bug 161172 - /usr/lib/amanda/chg-scsi causes buffer overflow
Summary: /usr/lib/amanda/chg-scsi causes buffer overflow
Alias: None
Product: Fedora
Classification: Fedora
Component: amanda
Version: 6
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Radek Brich
QA Contact:
Depends On:
Reported: 2005-06-21 00:45 UTC by Burn Alting
Modified: 2008-03-06 09:29 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-03-06 09:29:51 UTC


Description Burn Alting 2005-06-21 00:45:56 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
When executing chg-scsi, a buffer overflow occurs when opening a scsi device. The problem is in changer-src/scsi-changer-driver.c:OpenDevice().

A temporary variable, tmpstr, is declared with just 15 bytes, and is first used in
If the string 'pDev[0].type' is greater than 15 - 8 - 1 = 6 characters, and in my execution of chg-scsi it is the string 'changer', we get a buffer overflow.

Suggest increasing the size of the variable as a temporary measure.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure amanda to use chg-scsi
2. run /usr/lib/amanda/chg-scsi -info

Actual Results:  # /usr/lib/amanda/chg-scsi -info
*** buffer overflow detected ***: /usr/lib/amanda/chg-scsi terminated
======= Backtrace: =========

Expected Results:  No buffer overflow

Additional info:

Comment 1 Stephen Walton 2005-11-05 18:21:07 UTC
I have the same problem as the reporter but am not certain the diagnosis is
correct.  I just installed FC4 on a system which was previously running FC1, and
decided to try the Fedora amanda RPMS.  But, I have a copy of Amanda 2.4.4p3
which I compiled myself on FC1.  The source I used to build contains the same
declaration of tmpstr, and yet the unmodified chg-scsi executable from that FC1
build works fine on FC4.

Comment 2 Arjan van de Ven 2005-11-07 09:16:05 UTC
FC4 has more extensive buffer overflow checks than FC1; these get put in by the
compiler so binaries compiled on FC1 just silently overflow the buffer while
binaries built on FC4 detect this bug.

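The arithmetic in the description (15-byte buffer, 8 fixed bytes, one NUL, so 6 characters left for the type string) and Arjan's point in comment 2 (a fortified build aborts on the overflow that an older build silently commits) can both be shown in a small C example. This is added illustration, not amanda's code: the report does not show the format string used by OpenDevice(), so the 8-character prefix "devtype:" and the function names below are assumptions chosen only to match the reporter's numbers. The example keeps the vulnerable shape for comparison and next to it two hardened variants, one using snprintf with its return value checked and one sizing the buffer from the input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed to match the report: a 15-byte temporary buffer receives an
 * 8-character fixed prefix, the device type string and a NUL terminator.
 * The prefix text is an assumption; the report gives only the sizes. */
#define TMPSTR_SIZE 15
#define PREFIX "devtype:"   /* 8 characters, assumed */

/* Characters of 'type' that fit: 15 - 8 - 1 = 6, as the reporter computed. */
size_t type_capacity(void)
{
    return TMPSTR_SIZE - strlen(PREFIX) - 1;
}

/* 1 if 'type' fits in the fixed buffer, 0 if it would overflow.
 * "changer" is 7 characters, so it does not fit. */
int type_fits(const char *type)
{
    return strlen(type) <= type_capacity();
}

/* Vulnerable shape (not called here): sprintf into the fixed buffer with no
 * length check.  With type = "changer" this writes 16 bytes into 15.  Built
 * with _FORTIFY_SOURCE, the fortified sprintf knows the destination size and
 * aborts with "*** buffer overflow detected ***"; an unfortified build just
 * corrupts whatever follows tmpstr on the stack, which is why the FC1 binary
 * in comment 1 appeared to work. */
void vulnerable_format(char tmpstr[TMPSTR_SIZE], const char *type)
{
    sprintf(tmpstr, "%s%s", PREFIX, type);
}

/* Hardened variant 1: keep the fixed buffer but use snprintf and check its
 * return value.  Returns the length written, or -1 if the result would not
 * fit (the buffer then holds a truncated, NUL-terminated string). */
int format_device_name(char *out, size_t outlen, const char *type)
{
    int n = snprintf(out, outlen, "%s%s", PREFIX, type);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Hardened variant 2: size the buffer from the input instead of guessing.
 * Caller frees the result; NULL on allocation failure. */
char *format_device_name_alloc(const char *type)
{
    size_t need = strlen(PREFIX) + strlen(type) + 1;
    char *s = malloc(need);
    if (s == NULL)
        return NULL;
    snprintf(s, need, "%s%s", PREFIX, type);
    return s;
}

/* Runs the checked formatter against a stack buffer of the original size
 * and returns its verdict: length on success, -1 when it would overflow. */
int format_into_fixed(const char *type)
{
    char tmpstr[TMPSTR_SIZE];
    return format_device_name(tmpstr, sizeof tmpstr, type);
}

/* Length of the heap-built string for 'type', or -1 on allocation failure. */
long alloc_format_len(const char *type)
{
    char *s = format_device_name_alloc(type);
    if (s == NULL)
        return -1;
    long n = (long)strlen(s);
    free(s);
    return n;
}

int main(void)
{
    const char *types[] = { "tape", "changer" };   /* constructed inputs */
    for (size_t i = 0; i < 2; i++) {
        printf("type=%-8s fits=%d fixed=%d alloc_len=%ld\n",
               types[i], type_fits(types[i]),
               format_into_fixed(types[i]), alloc_format_len(types[i]));
    }
    return 0;
}
```

Run as written, the fixed-buffer path reports 12 for "tape" and -1 for "changer", while the sized allocation handles both; the second variant is the simpler fix when the input length is not under the program's control.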
Comment 3 Christian Iseli 2007-01-22 10:11:01 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?


Comment 4 Burn Alting 2007-02-20 06:08:08 UTC
Bug still present in FC6 as it's using amanda 2.5.0. The bug has been fixed in a
later release of amanda - it's certainly fixed in amanda-2.5.1p3

Comment 5 Radek Brich 2008-03-06 09:29:51 UTC
FC6 is EOL, closing as WONTFIX
although the fix is in dist CVS, the rpm can't get into repo now...
