| 2018-10-19 04:32:40 |
Alex Murray |
bug |
|
|
added bug |
| 2018-10-19 04:32:40 |
Alex Murray |
attachment added |
|
PoC from upstream bug report https://bugs.launchpad.net/bugs/1798725/+attachment/5202814/+files/PoC_pcre_gnome.zip |
|
| 2018-10-25 11:50:27 |
Alex Murray |
bug |
|
|
added subscriber Camille Gay |
| 2018-10-25 11:54:06 |
Alex Murray |
bug watch added |
|
http://bugs.exim.org/show_bug.cgi?id=2330 |
|
| 2018-10-25 11:54:46 |
Alex Murray |
attachment added |
|
PoC using libpcre (ie without libglib) https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1798725/+attachment/5205348/+files/PoC.c |
|
| 2018-10-26 11:10:04 |
Alex Murray |
affects |
pcre3 (Ubuntu) |
gvfs (Ubuntu) |
|
| 2018-10-30 00:39:05 |
Alex Murray |
information type |
Public Security |
Public |
|
| 2018-10-30 00:40:40 |
Alex Murray |
summary |
Content "n\xff=" can crash libpcre when an application is matching the pattern \s*= |
gvfs may crash when parsing non-valid UTF8 in autorun.inf |
|
| 2018-11-13 21:02:34 |
Sebastien Bacher |
gvfs (Ubuntu): importance |
Undecided |
High |
|
| 2018-11-13 21:02:36 |
Sebastien Bacher |
gvfs (Ubuntu): status |
Confirmed |
Fix Committed |
|
| 2018-11-13 21:11:03 |
Sebastien Bacher |
description |
Reported upstream at https://bugs.exim.org/show_bug.cgi?id=2330 - libpcre3 can be made to crash when matching the pattern \s*= when the context is n\xff=
Able to reproduce on current Bionic using the PoC attached (which is copied directly from the upstream bug report) - in a fresh Bionic VM:
$ sudo apt install build-essential libgtk2.0-dev
$ cd PCRE_PoC
$ ./compilePoC.sh
$ ./PoC
Content:
-------------------
n�=
-------------------
Pattern:
-------------------
\s*=
---------------------
Segmentation fault (core dumped)
Haven't yet tested the second PoC via an external disk autorun.inf and gvfs-udisks2-volume-monitor.
Also haven't tested in Cosmic / older releases |
* Impact
gvfs can be made to segfault by being provided an invalid autorun.inf
* Test Case
Use the proof of concept from bellow to generate an invalid autorun.inf and place it on an usb drive, connect the drive to the computer, gvfs shouldn't hit a segfault
* Regression potential
Check that the autorun feature keeps working
-----------------------
Reported upstream at https://bugs.exim.org/show_bug.cgi?id=2330 - libpcre3 can be made to crash when matching the pattern \s*= when the context is n\xff=
Able to reproduce on current Bionic using the PoC attached (which is copied directly from the upstream bug report) - in a fresh Bionic VM:
$ sudo apt install build-essential libgtk2.0-dev
$ cd PCRE_PoC
$ ./compilePoC.sh
$ ./PoC
Content:
-------------------
n�=
-------------------
Pattern:
-------------------
\s*=
---------------------
Segmentation fault (core dumped)
Haven't yet tested the second PoC via an external disk autorun.inf and gvfs-udisks2-volume-monitor.
Also haven't tested in Cosmic / older releases |
|
| 2018-11-13 23:55:54 |
Alex Murray |
attachment added |
|
autorun.inf https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1798725/+attachment/5212446/+files/autorun.inf |
|
| 2018-11-17 13:12:43 |
Launchpad Janitor |
gvfs (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2018-11-20 17:32:07 |
Brian Murray |
gvfs (Ubuntu Cosmic): status |
New |
Fix Committed |
|
| 2018-11-20 17:32:09 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2018-11-20 17:32:10 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2018-11-20 17:32:15 |
Brian Murray |
tags |
|
verification-needed verification-needed-cosmic |
|
| 2018-11-20 17:58:02 |
Brian Murray |
gvfs (Ubuntu Bionic): status |
New |
Fix Committed |
|
| 2018-11-20 17:58:12 |
Brian Murray |
tags |
verification-needed verification-needed-cosmic |
verification-needed verification-needed-bionic verification-needed-cosmic |
|
| 2018-11-21 06:03:56 |
Alex Murray |
tags |
verification-needed verification-needed-bionic verification-needed-cosmic |
verification-failed-cosmic verification-needed verification-needed-bionic |
|
| 2018-11-21 06:07:07 |
Alex Murray |
tags |
verification-failed-cosmic verification-needed verification-needed-bionic |
verification-done-bionic verification-failed-cosmic verification-needed |
|
| 2018-11-21 16:08:48 |
Brian Murray |
tags |
verification-done-bionic verification-failed-cosmic verification-needed |
verification-done-bionic verification-needed verification-needed-cosmic |
|
| 2018-11-22 01:41:46 |
Alex Murray |
tags |
verification-done-bionic verification-needed verification-needed-cosmic |
verification-done-bionic verification-done-cosmic verification-needed |
|
| 2019-01-15 15:44:31 |
Launchpad Janitor |
gvfs (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
| 2019-01-15 15:44:39 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2019-01-15 15:46:36 |
Launchpad Janitor |
gvfs (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
