[SRU] crash in getlogin()

Bug #658907 reported by Anders Kaseorg on 2010-10-12
Affects: eglibc (Ubuntu)
Assigned to: Kees Cook

Bug Description

In maverick with libc6 2.12.1-0ubuntu6, the cvs postinst can sometimes trigger the following crash inside getlogin():

Program received signal SIGSEGV, Segmentation fault.
#0 0x00321755 in internal_getpwuid_r (uid=<value optimized out>,
    result=<value optimized out>, ent=0xbfffb65c,
    buffer=0xbfffef60 "festival", buflen=8192, errnop=0xb7fe6688)
    at nss_compat/compat-pwd.c:946
#1 0x00321b63 in _nss_compat_getpwuid_r (uid=4294967295, pwd=0xbffff384,
    buffer=0xbfffef60 "festival", buflen=8192, errnop=0xb7fe6688)
    at nss_compat/compat-pwd.c:1112
#2 0x0023b41d in __getpwuid_r (uid=4294967295, resbuf=0xbffff384,
    buffer=0xbfffef60 "festival", buflen=8192, result=0xbffff3ac)
    at ../nss/getXXbyYY_r.c:253
#3 0x0025d1fc in __getlogin_r_loginuid (name=0x2fed40 "", namesize=33)
    at ../sysdeps/unix/sysv/linux/getlogin_r.c:63
#4 0x0025cefd in getlogin () at ../sysdeps/unix/sysv/linux/getlogin.c:35

This bug was introduced by glibc-2.12~113 (so it is a regression from 2.11.x and earlier):

It was fixed in the first three commits after glibc-2.12.1:

Anders Kaseorg (andersk) wrote :

Here’s a debdiff with the upstream commits. I built it in my PPA <https://launchpad.net/~anders-kaseorg/+archive/ppa> and tested that it fixes the crash.

tags: added: patch patch-accepted-upstream
Anders Kaseorg (andersk) wrote :

For verification purposes, here’s a simple way to reproduce the crash. In /etc/nsswitch.conf, change
  passwd: compat
to
  passwd: compat nis
Then run
  $ sudo cvs -d $(mktemp -dt cvstest.XXXXXX) init
  Segmentation fault
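
A check for the conditions in the reproduction steps above, as an added example that is not part of the original bug report: it reads the passwd line of an nsswitch.conf-style file and tests whether a loginuid file holds 4294967295, the uid passed down from __getlogin_r_loginuid in the backtrace. The function names and sample files are constructed for illustration; on a live Linux system the inputs would be /etc/nsswitch.conf and /proc/self/loginuid.

```shell
#!/bin/sh
# Added example, not from the bug report. All function names are hypothetical.

# Print the services on the first passwd line of an nsswitch.conf-style file,
# with comments stripped and whitespace normalised.
passwd_services() {
    awk -F: '
        { sub(/#.*/, "") }
        $1 ~ /^[ \t]*passwd[ \t]*$/ {
            s = $2
            gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s)
            print s
            exit
        }' "$1"
}

# Succeed when the passwd line lists both compat and nis, as in the
# reproduction steps.
is_repro_config() {
    services=$(passwd_services "$1")
    case " $services " in *" compat "*) ;; *) return 1 ;; esac
    case " $services " in *" nis "*) return 0 ;; esac
    return 1
}

# Succeed when the loginuid file holds 4294967295, i.e. (uid_t)-1 with a
# 32-bit uid_t, the value the kernel reports when no login uid is set.
loginuid_unset() {
    [ -r "$1" ] && [ "$(cat "$1")" = "4294967295" ]
}

# One-line summary. $1: nsswitch.conf path, $2: loginuid path.
report() {
    if is_repro_config "$1"; then cfg=yes; else cfg=no; fi
    if loginuid_unset "$2"; then lu=unset; else lu=set-or-unreadable; fi
    echo "passwd=[$(passwd_services "$1")] repro_config=$cfg loginuid=$lu"
}

# Constructed sample input mirroring the changed line from the steps above.
sample=$(mktemp)
printf 'passwd: compat nis   # constructed sample\ngroup: compat\n' > "$sample"
printf '4294967295' > "$sample.loginuid"
report "$sample" "$sample.loginuid"
# On a live system: report /etc/nsswitch.conf /proc/self/loginuid
rm -f "$sample" "$sample.loginuid"
```

A match only says the machine is set up like the reproduction case; whether the crash occurs still depends on the installed libc6 version.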

Martin Pitt (pitti) wrote :

SRU ACK, please upload.

Anders Kaseorg (andersk) on 2010-10-15
summary: - crash in getlogin()
+ [SRU] crash in getlogin()
C de-Avillez (hggdh2) on 2010-10-18
Changed in eglibc (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Matthias Klose (doko) wrote :

please copy the package into natty when built.

Changed in eglibc (Ubuntu Maverick):
importance: Undecided → Medium
status: New → In Progress
Anders Kaseorg (andersk) wrote :

This patch got replaced with the critical CVE-2010-3847 security update, and needs to be re-uploaded as 2.12.1-0ubuntu9.

Anders Kaseorg (andersk) wrote :

Here’s a new debdiff against 2.12.1-0ubuntu8 (identical to the last debdiff modulo debian/changelog). Please reupload.

Sebastien Bacher (seb128) wrote :

Kees, Matthias, could one of you sponsor that upload if you think it makes sense for an SRU?

Kees Cook (kees) on 2010-11-04
Changed in eglibc (Ubuntu Maverick):
status: In Progress → Fix Committed
assignee: nobody → Kees Cook (kees)
Kees Cook (kees) wrote :

I've uploaded this, it's waiting for approval in the -proposed queue now.

Accepted eglibc into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.12.1-0ubuntu9

eglibc (2.12.1-0ubuntu9) maverick-proposed; urgency=low

  * debian/patches/any/cvs-getlogin_r-error-handling-1.patch,
    Take upstream commits c8727fa6, 5305f9b0, d48b7607 from
    release/2.12/master to fix a crash in getlogin(). (LP: #658907)
 -- Anders Kaseorg <email address hidden> Mon, 01 Nov 2010 15:42:35 -0400

Changed in eglibc (Ubuntu Maverick):
status: Fix Committed → Fix Released
Anders Kaseorg (andersk) wrote :

Thanks. I’ve verified that 2.12.1-0ubuntu9 works and fixes the crash.

Martin Pitt (pitti) on 2010-11-11
tags: added: verification-done
removed: verification-needed
Matthias Klose (doko) wrote :

package copied to natty

Changed in eglibc (Ubuntu Natty):
status: Confirmed → Fix Released