Activity log for bug #418176

Date Who What changed Old value New value Message
2009-08-24 15:02:53 ooze bug added bug
2009-10-10 13:05:26 ooze affects tspc (Ubuntu) gw6c (Ubuntu)
2009-11-05 22:51:12 ooze branch linked lp:~philippe-gauthier/ubuntu/karmic/gw6c/gw6c-validation-client-v4.lp418176
2009-11-05 22:53:04 ooze gw6c (Ubuntu): status New In Progress
2009-11-13 16:57:57 ooze description
Old value:
Binary package hint: tspc

The gw6c daemon will crash on start. When I rebuild the gw6c package with debug symbols, I no longer get a crash. However, doing this also turned compiler optimizations off.

$ lsb_release -rd
Description: Ubuntu karmic (development branch)
Release: 9.10

$ apt-cache policy gw6c
gw6c:
  Installé : 6.0.1dfsg.1-3
  Candidat : 6.0.1dfsg.1-3
  Table de version :
 *** 6.0.1dfsg.1-3 0
        500 http://archive.ubuntu.com karmic/universe Packages
        100 /var/lib/dpkg/status

$ sudo /usr/sbin/gw6c
*** buffer overflow detected ***: /usr/sbin/gw6c terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f5cb2207437]
/lib/libc.so.6[0x7f5cb22063e0]
/usr/sbin/gw6c[0x421496]
/usr/sbin/gw6c[0x41d1d3]
/usr/sbin/gw6c[0x41815a]
/usr/sbin/gw6c[0x405bc4]
/usr/sbin/gw6c[0x405fb0]
/usr/sbin/gw6c[0x410d27]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f5cb212eacd]
/usr/sbin/gw6c[0x404ea9]

New value:
Binary package hint: tspc

$ lsb_release -rd
Description: Ubuntu 9.10
Release: 9.10

$ apt-cache policy gw6c
gw6c:
  Installé : 6.0.1dfsg.1-3
  Candidat : 6.0.1dfsg.1-3
  Table de version :
 *** 6.0.1dfsg.1-3 0
        500 http://archive.ubuntu.com karmic/universe Packages
        100 /var/lib/dpkg/status

How to reproduce:
0. Run Ubuntu on a 64-bit architecture.
1. Edit the configuration in /etc/gw6c/gw6c.conf by setting the "client_v4" parameter to an IP address.
2. Restart the gw6c daemon.
3. Check that the gw6c daemon is running.

The gw6c daemon crashes when started if the client_v4 is set to an IP address instead of the default value of "auto". The reason is a buffer overflow caused by a memcpy from an integer with a length that is dependent on the architecture to an inet_addr(3) structure that is always 32 bits long.
2009-11-13 17:01:04 ooze description
Old value:
Binary package hint: tspc

$ lsb_release -rd
Description: Ubuntu 9.10
Release: 9.10

$ apt-cache policy gw6c
gw6c:
  Installé : 6.0.1dfsg.1-3
  Candidat : 6.0.1dfsg.1-3
  Table de version :
 *** 6.0.1dfsg.1-3 0
        500 http://archive.ubuntu.com karmic/universe Packages
        100 /var/lib/dpkg/status

How to reproduce:
0. Run Ubuntu on a 64-bit architecture.
1. Edit the configuration in /etc/gw6c/gw6c.conf by setting the "client_v4" parameter to an IP address.
2. Restart the gw6c daemon.
3. Check that the gw6c daemon is running.

The gw6c daemon crashes when started if the client_v4 is set to an IP address instead of the default value of "auto". The reason is a buffer overflow caused by a memcpy from an integer with a length that is dependent on the architecture to an inet_addr(3) structure that is always 32 bits long.

New value:
Binary package hint: tspc

$ lsb_release -rd
Description: Ubuntu 9.10
Release: 9.10

$ apt-cache policy gw6c
gw6c:
  Installé : 6.0.1dfsg.1-3
  Candidat : 6.0.1dfsg.1-3
  Table de version :
 *** 6.0.1dfsg.1-3 0
        500 http://archive.ubuntu.com karmic/universe Packages
        100 /var/lib/dpkg/status

How to reproduce:
0. Run Ubuntu on a 64-bit architecture.
1. Edit the configuration in /etc/gw6c/gw6c.conf by setting the "client_v4" parameter to an IP address.
2. Restart the gw6c daemon.
3. Check that the gw6c daemon is running.

The gw6c daemon crashes when started if the client_v4 is set to an IP address instead of the default value of "auto". The reason is a buffer overflow caused by a memcpy from an integer with a length that is dependent on the architecture to an inet_addr_t structure that is always 32 bits long.
2009-12-04 18:02:07 ooze attachment added Debdiff for fixing this bug http://launchpadlibrarian.net/36446056/gw6c_6.0.1dfsg.1-4ubuntu1.debdiff
2009-12-04 18:02:23 ooze gw6c (Ubuntu): status In Progress Confirmed
2009-12-14 00:36:52 Andrew Starr-Bochicchio gw6c (Ubuntu): status Confirmed Fix Committed
2010-02-09 10:09:49 Daniel Holbach gw6c (Ubuntu): status Fix Committed Fix Released
2011-02-17 12:22:41 Daniel Holbach bug added subscriber Ubuntu Sponsors Team
2011-02-17 12:22:45 Daniel Holbach removed subscriber [DEPRECATED] Ubuntu Sponsors for main
2011-02-21 23:59:32 Benjamin Drung removed subscriber Ubuntu Sponsors Team