buffer overflow in debugger's socket handler
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenJDK |
Unknown
|
Medium
|
|||
openjdk-6 (Ubuntu) |
Fix Released
|
Undecided
|
Matthias Klose |
Bug Description
When compiled with fortification:
$ /usr/lib/
[1] 8785
Listening for transport dt_socket at address: 50701
$ echo -n "Here's a poke in the eye" | nc -v localhost 50701
*** buffer overflow detected ***: /usr/lib/
======= Backtrace: =========
/lib/libc.
/lib/libc.
/lib/libc.
/usr/lib/
/usr/lib/
/usr/lib/
...
This is due to openjdk/
Debugger failed to attach: handshake failed - received >Here's a poke < - excepted >JDWP-Handshake<
64 vs 73 bytes.
Found while investigating test regression in bug 330713.
ProblemType: Bug
Architecture: amd64
Date: Tue Aug 25 21:23:34 2009
DistroRelease: Ubuntu 9.10
Package: openjdk-6-jdk 6b16-1.
ProcEnviron:
LANGUAGE=
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: openjdk-6
Uname: Linux 2.6.31-6-generic x86_64
Related branches
Changed in openjdk: | |
status: | Unknown → Confirmed |
Changed in openjdk: | |
status: | Confirmed → Unknown |
Changed in openjdk: | |
importance: | Unknown → Medium |
Fix for overflow.