Ubuntu
coreutils package

Checking and handling various filetypes in fmt

Bug #1808092 reported by Snahil Singh on 2018-12-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	coreutils (Ubuntu)	Won't Fix	Medium	Unassigned

Bug Description

fmt doesn't check filetypes of the input arguments passed to it, it just opens the file and reads from it without checking its st_mode. It only throws an error if the file doesn't exist and can't handle the following filetypes - S_IFCHR, S_IFBLK and S_IFBLK. Passing a file from any of these types will possibly hang or crash the application.

For more reference, please visit the below link-
(https://github.com/pkmoore/rrapper/blob/master/anomalies/weird_filetypes.md)

I have attached a patch that checks for the above mentioned filetypes and handles them accordingly.
Please let me know if you have any questions or suggestions regarding this, will be happy to answer them.

Thank you
Snahil Singh
<email address hidden>

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: coreutils 8.28-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-39.42-generic 4.15.18
Uname: Linux 4.15.0-39-generic i686
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: i386
CurrentDesktop: XFCE
Date: Tue Dec 11 20:01:58 2018
ExecutablePath: /usr/bin/fmt
InstallationDate: Installed on 2018-11-07 (35 days ago)
InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release i386 (20180426)
SourcePackage: coreutils
UpgradeStatus: No upgrade log present (probably fresh install)

See original description

Tags:

Revision history for this message

Snahil Singh (snahil) wrote on 2018-12-12:

Dependencies.txt Edit (173 bytes, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.1 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (109 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (1.3 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (1.0 KiB, text/plain; charset="utf-8")

information type:

Private Security → Public Security

Snahil Singh (snahil) on 2018-12-12

description:

updated

Revision history for this message

Snahil Singh (snahil) wrote on 2018-12-12:

fmt.patch Edit (2.9 KiB, text/plain)

Following is the patch to check different filetypes in fmt and then raise error accordingly. It includes changes in the fmt.c file and tests/fmt/base.pl files in coreutils.

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2018-12-12:

The attachment "fmt.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags:

added: patch

Brian Murray (brian-murray) on 2018-12-12

Changed in coreutils (Ubuntu):
importance:	Undecided → Medium

Revision history for this message

C de-Avillez (hggdh2) wrote on 2018-12-28:

Thank you for opening this bug and helping make Ubuntu/GNU Coreutils better. I have sent email to <email address hidden> asking about this, and a few other bugs relating to the same basic issue, and am waiting on feedback from upstream:

Hello,

We have had some bugs reported recently at our BTS:

https://bugs.launchpad.net/bugs/1807295
https://bugs.launchpad.net/bugs/1807797
https://bugs.launchpad.net/bugs/1808092
https://bugs.launchpad.net/bugs/1808095

They deal with sort, split, fmt, and uniq, respectively, and provide tentative patches.

I would like to re-direct the reporters to upstream (i.e., you folks), but I feel it would be nice to do the redirect with a small blurb of what upstream thinks about that.

Thank you,

..C..

Marc Deslauriers (mdeslaur) on 2019-01-18

information type:

Public Security → Public

Revision history for this message

C de-Avillez (hggdh2) wrote on 2019-01-18:

First of all, I apologise for the delay.

Given what upstream, below, answered, I am closing this bug WONTFIX. Please contact Coreutils upstream at <email address hidden> for more details.

In general, changes to Coreutils code should be submitted upstream. Distro-wise, we very rarely deviate from upstream (and, for Coreutils and many of the Ubuntu packages, from Debian).

Cheers,

------ email from upstream ------

Hello,

On 2018-12-28 11:21 a.m., C de-Avillez wrote:
> We have had some bugs reported recently at our BTS:
>
> https://bugs.launchpad.net/bugs/1807295
> https://bugs.launchpad.net/bugs/1807797
> https://bugs.launchpad.net/bugs/1808092
> https://bugs.launchpad.net/bugs/1808095
>
> They deal with sort, split, fmt, and uniq, respectively, and provide
> tentative patches.

A summary other mailing-list readers:

The "filetype" in question is regular files vs fifo / char devices /
block /devices.

The four requests all say something like:

"Sort like many other applications does not check for file types of the
inputs that are passed in as arguments. [...] For example, sorting files
that of type block/character/fifo does not make much sense as it will
just hang or use up all cpu cycles. "

> I would like to re-direct the reporters to upstream (i.e., you folks),
> but I feel it would be nice to do the redirect with a small blurb of
> what upstream thinks about that.

First and foremost,
I think these are not bugs, and this is perfectly valid behavior.
If a user wants to process a non-regular file, they can do so.

The reasoning of "wasting" CPU/memory can be just as valid to
processing arbitrary large binary files.

---

Also,
Few observations:
1. These four issues were reported by different people (all new
LaunchPad users), during very short time period (second week of
december).

2. Three out of the four link to this
document, which explains about different file types as part of what
looks like a sys-call exerciser:
https://github.com/pkmoore/rrapper/blob/master/anomalies/weird_filetypes.md

3. The above document mention but does not explain what "S_IFSOCK" is,
and (perhaps as a result) none of their patches deals with S_IFSOCK
(despite that everything said about char-devices and fifos applies
to sockets as well).

4. Rejecting FIFOs as input indicates the submitters have some lack of
familiarity with unix command-line.

Given all the above,
I suspect this is part of a homework exercise given to students at some
college, perhaps something like "find bugs in an free software project
and submit a patch to them".

While good intentioned, these suggestions should be rejected as
"wontfix".

For any students or potential contributers who want to start working on
GNU coreutils - PLEASE write to <email address hidden> and introduce
yourself, and we will easily provide ideas on useful contributions
that would be accepted.

Of course, the above is just my opinion, and others are welcomed
to chime in.

regards,
- assaf

First of all, I apologise for the delay.

Given what upstream, below, answered, I am closing this bug WONTFIX. Please contact Coreutils upstream at coreutils@gnu.org for more details.

In general, changes to Coreutils code should be submitted upstream. Distro-wise, we very rarely deviate from upstream (and, for Coreutils and many of the Ubuntu packages, from Debian).

Cheers,

------ email from upstream ------

Hello,

On 2018-12-28 11:21 a.m., C de-Avillez wrote:
> We have had some bugs reported recently at our BTS:
> 
> https://bugs.launchpad.net/bugs/1807295
> https://bugs.launchpad.net/bugs/1807797
> https://bugs.launchpad.net/bugs/1808092
> https://bugs.launchpad.net/bugs/1808095
> 
> They deal with sort, split, fmt, and uniq, respectively, and provide
> tentative patches.

A summary other mailing-list readers:

The "filetype" in question is regular files vs fifo / char devices / 
block /devices.

The four requests all say something like:

"Sort like many other applications does not check for file types of the 
inputs that are passed in as arguments. [...] For example, sorting files 
that of type block/character/fifo does not make much sense as it will 
just hang or use up all cpu cycles. "

> I would like to re-direct the reporters to upstream (i.e., you folks),
> but I feel it would be nice to do the redirect with a small blurb of
> what upstream thinks about that.

First and foremost,
I think these are not bugs, and this is perfectly valid behavior.
If a user wants to process a non-regular file, they can do so.

The reasoning of "wasting" CPU/memory can be just as valid to
processing arbitrary large binary files.

---

Also,
Few observations:
1. These four issues were reported by different people (all new 
LaunchPad users), during very short time period (second week of
december).

4. Rejecting FIFOs as input indicates the submitters have some lack of
familiarity with unix command-line.

Given all the above,
I suspect this is part of a homework exercise given to students at some
college, perhaps something like "find bugs in an free software project
and submit a patch to them".

While good intentioned, these suggestions should be rejected as
"wontfix".

For any students or potential contributers who want to start working on
GNU coreutils - PLEASE write to coreutils@gnu.org and introduce
yourself, and we will easily provide ideas on useful contributions
that would be accepted.

Of course, the above is just my opinion, and others are welcomed
to chime in.

regards,
  - assaf