Bug 161752 - buffer overflow in genkdmconf
Summary: buffer overflow in genkdmconf
Keywords:
Status: CLOSED DUPLICATE of bug 161751
Alias: None
Product: Fedora
Classification: Fedora
Component: kdebase
Version: 4
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Ngo Than
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-06-26 23:54 UTC by Andrea Santilli
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-27 11:34:16 UTC



Description Andrea Santilli 2005-06-26 23:54:05 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
There is a buffer overflow in genkdmconf.
I've already reported the bug to security@kde.org but the rpm should be fixed.

I discovered it by simply rebuilding the kdebase srpm.
In the %install stage I got this error:

./genkdmconf --in /var/tmp/kdebase-3.4.1-0.fc4.1.kwinshadows-buildroot/usr/share/config/kdm --face-src ./pics
Information: reading old kdmrc /usr/share/config/kdm/kdmrc (from kde >= 2.2.x)
Information: dropping key SessionTypes from section [X-*-Greeter]
Information: old kdmrc is from kde 3.0
*** buffer overflow detected ***: ./genkdmconf terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x635565]
/lib/libc.so.6[0x63502f]
/lib/libc.so.6(__snprintf_chk+0x37)[0x634f23]
./genkdmconf[0x804d846]
/lib/libc.so.6(__libc_start_main+0xc6)[0x56bde6]
./genkdmconf[0x8048fd1]

The bug is on line 2804 of the kdm/kfrontend/genkdmconf.c file:
sprintf( nname, "%s/README", newdir );

Regards

Version-Release number of selected component (if applicable):
3.4.1-0.fc4.1

How reproducible:
Always

Steps to Reproduce:
1. Recompile the kdebase srpm
2. or compile and install kdebase sources
3. get the buffer overflow error
  

Actual Results: get the *** buffer overflow detected *** error and the whole backtrace when the installation calls genkdmconf

Expected Results: no buffer overflow in genkdmconf

Additional info:

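Added example in C (my own illustration, not kdm's code): the unbounded sprintf pattern quoted from line 2804 stated as an explicit size condition, beside the bounded builder that would have replaced it. It assumes nname is a fixed-size buffer (the fortified __snprintf_chk frame in the backtrace is consistent with that, but the size is not on the page, so it is a parameter here) and that newdir is the directory given with --in.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not kdm code. newdir comes from the --in argument, so its
 * length is not under the program's control; the real nname size is unknown. */
#define README_SUFFIX "/README"

/* Length of "<newdir>/README" without the terminating NUL. */
size_t readme_path_len(const char *newdir)
{
    return strlen(newdir) + strlen(README_SUFFIX);
}

/* sprintf(nname, "%s/README", newdir) overruns a fixed nname exactly when this
 * returns 0; it states the condition glibc's __chk_fail aborted on above. */
int fits_fixed_buffer(const char *newdir, size_t bufsize)
{
    return readme_path_len(newdir) + 1 <= bufsize;
}

/* Hardened form: bounded snprintf with its return value checked, since snprintf
 * reports the length it wanted, not what it wrote. A silently truncated path is
 * a wrong path, so the caller is told to refuse the input instead. */
int build_readme_path(char *out, size_t outsz, const char *newdir)
{
    int n = snprintf(out, outsz, "%s" README_SUFFIX, newdir);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz) out[0] = '\0';
        return -1;
    }
    return 0;
}

/* When no fixed limit is meaningful, size the buffer from the input. Caller frees. */
char *build_readme_path_alloc(const char *newdir)
{
    size_t sz = readme_path_len(newdir) + 1;
    char *p = malloc(sz);
    if (p && build_readme_path(p, sz, newdir) != 0) { free(p); p = NULL; }
    return p;
}

/* Helper: build into a heap buffer of bufsize bytes; 0 = accepted, -1 = refused. */
int try_build_into(size_t bufsize, const char *newdir)
{
    char *buf = malloc(bufsize ? bufsize : 1);
    int rc = buf ? build_readme_path(buf, bufsize, newdir) : -1;
    free(buf);
    return rc;
}
```

The boundary case matters: a 29-byte buffer holds "/usr/share/config/kdm/README" (28 characters plus NUL), a 28-byte one does not, and the bounded builder refuses rather than truncating.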
Comment 1 Andrea Santilli 2005-06-27 11:34:16 UTC

*** This bug has been marked as a duplicate of 161751 ***

