buffer overflow in parsing routines' from `Aborts when running with -r flag

Bug #217485 reported by Tomas Pospisek
Affects            Status        Importance  Assigned to  Milestone
pgp4pine (Debian)  Fix Released  Unknown
pgp4pine (Ubuntu)  Confirmed     Undecided   Unassigned

Bug Description

Binary package hint: pgp4pine

$ alpine
[...choosing to send mail through pgp4pine here...]
pgp4pine 1.76
by Holger Lamm <email address hidden>
Homepage: http://pgp4pine.flatline.de/
This program is protected by the GPL v2.

Loading profiles: gpg, done.

Loading public keyring (this may take a couple of seconds)...
.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................*** stack smashing detected ***: /usr/bin/pgp4pine terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fd318be7607]
/lib/libc.so.6(__fortify_fail+0x0)[0x7fd318be75d0]
/usr/bin/pgp4pine[0x4096a0]
======= Memory map: ========
00400000-0040f000 r-xp 00000000 08:05 359070 /usr/bin/pgp4pine
0060f000-00610000 rw-p 0000f000 08:05 359070 /usr/bin/pgp4pine
00610000-0075f000 rw-p 00610000 00:00 0 [heap]
7fd3188ec000-7fd3188f9000 r-xp 00000000 08:05 400375 /lib/libgcc_s.so.1
7fd3188f9000-7fd318af9000 ---p 0000d000 08:05 400375 /lib/libgcc_s.so.1
7fd318af9000-7fd318afa000 rw-p 0000d000 08:05 400375 /lib/libgcc_s.so.1
7fd318afa000-7fd318c52000 r-xp 00000000 08:05 400321 /lib/libc-2.7.so
7fd318c52000-7fd318e52000 ---p 00158000 08:05 400321 /lib/libc-2.7.so
7fd318e52000-7fd318e55000 r--p 00158000 08:05 400321 /lib/libc-2.7.so
7fd318e55000-7fd318e57000 rw-p 0015b000 08:05 400321 /lib/libc-2.7.so
7fd318e57000-7fd318e5c000 rw-p 7fd318e57000 00:00 0
7fd318e5c000-7fd318e79000 r-xp 00000000 08:05 399992 /lib/ld-2.7.so
7fd319062000-7fd319064000 rw-p 7fd319062000 00:00 0
7fd319073000-7fd319074000 rw-p 7fd319073000 00:00 0
7fd319075000-7fd319079000 rw-p 7fd319075000 00:00 0
7fd319079000-7fd31907b000 rw-p 0001d000 08:05 399992 /lib/ld-2.7.so
7fff21065000-7fff2107b000 rw-p 7ffffffe9000 00:00 0 [stack]
7fff211ff000-7fff21200000 r-xp 7fff211ff000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Alpine finished -- Closed folder "INBOX". Kept all 100 messages.

$ lsb_release -rd
Description: Ubuntu hardy (development branch)
Release: 8.04

$ uname -a
Linux tpo-laptop 2.6.24-14-generic #1 SMP Thu Apr 3 04:16:51 UTC 2008 x86_64 GNU/Linux

$ dpkg -s pgp4pine
[...]
Architecture: amd64
Version: 1.76-3

Does pgp4pine actually work for anybody out there?

Might also be an architecture-specific bug. I've got an amd64 aka x86_64 laptop here, which seems to be uncovering __lots__ of threading and unclean C-programming bugs left and right.

*t
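A concrete illustration of the class of defect behind the `*** stack smashing detected ***` abort above, added here as an example and not code from pgp4pine or from anyone in this thread: glibc prints that message when a function compiled with the stack protector returns and finds its stack canary overwritten, which is exactly what an unbounded copy of a keyring field into a fixed-size stack buffer does. The parser below keeps fixed buffers but checks every field length before copying and rejects lines that do not fit instead of writing past the end. The `pub:<keyid>:<user id>` line layout, the buffer sizes and the sample keyring text are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size destination buffers, as a parser like the one described in the
 * report would typically have. The sizes are constructed for this example
 * and are not pgp4pine's. */
#define KEYID_MAX 16
#define UID_MAX   64

struct key_entry {
    char keyid[KEYID_MAX + 1];
    char uid[UID_MAX + 1];
};

/* Return codes for parse_key_line(). */
enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2 };

/* copy_field copies exactly n bytes of src into dst (capacity cap, NUL
 * included) or refuses. An unbounded strcpy()/sprintf() here is what would
 * overwrite the stack canary and produce the abort seen in the report. */
static int copy_field(char *dst, size_t cap, const char *src, size_t n)
{
    if (n >= cap)
        return PARSE_TOO_LONG;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return PARSE_OK;
}

/* parse_key_line parses one constructed "pub:<keyid>:<user id>" line. The
 * line may be followed by more text; parsing stops at the end of the line.
 * The colon-separated layout is an assumption for this example only. */
int parse_key_line(const char *line, struct key_entry *out)
{
    if (strncmp(line, "pub:", 4) != 0)
        return PARSE_MALFORMED;
    const char *keyid = line + 4;
    size_t klen = strcspn(keyid, ":\r\n");      /* never run past the line */
    if (keyid[klen] != ':')
        return PARSE_MALFORMED;
    int rc = copy_field(out->keyid, sizeof out->keyid, keyid, klen);
    if (rc != PARSE_OK)
        return rc;
    const char *uid = keyid + klen + 1;
    size_t uid_len = strcspn(uid, "\r\n");
    return copy_field(out->uid, sizeof out->uid, uid, uid_len);
}

/* load_keyring walks a newline-separated keyring dump, keeping well-formed
 * entries and counting the ones it had to reject (malformed, over-long, or
 * no room left in `out`). Returns the number of entries stored. */
size_t load_keyring(const char *text, struct key_entry *out,
                    size_t max_entries, size_t *rejected)
{
    size_t stored = 0;
    *rejected = 0;
    const char *p = text;
    while (*p != '\0') {
        size_t len = strcspn(p, "\n");
        if (stored < max_entries && parse_key_line(p, &out[stored]) == PARSE_OK)
            stored++;
        else
            (*rejected)++;
        p += len;
        if (*p == '\n')
            p++;
    }
    return stored;
}

/* Constructed sample keyring: two good entries, one entry whose user id is
 * far longer than UID_MAX, and one line that does not match the format. */
static const char SAMPLE_KEYRING[] =
    "pub:0123456789ABCDEF:Alice Example <alice@example.org>\n"
    "pub:FEDCBA9876543210:Bob Example <bob@example.org>\n"
    "pub:0000000000000000:"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    "garbage line without the expected prefix\n";

int main(void)
{
    struct key_entry keys[8];
    size_t rejected = 0;
    size_t n = load_keyring(SAMPLE_KEYRING, keys, 8, &rejected);
    printf("loaded %zu keys, rejected %zu over-long or malformed lines\n", n, rejected);
    for (size_t i = 0; i < n; i++)
        printf("  %s  %s\n", keys[i].keyid, keys[i].uid);
    return 0;
}
```

The over-long third line is the case that matters: with the length check it is counted as rejected and the other entries still load, whereas a parser that copies first and asks questions later ends up with the canary check aborting the whole program, as the report shows.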

Tomas Pospisek (tpo-deb) wrote :

Same as http://bugs.debian.org/457947. Thus this is not amd64 related.

Changed in pgp4pine:
status: Unknown → New
James Westby (james-w) wrote :

Hi,

The Debian bug suggests this is fixed, can anyone reproduce it
on Intrepid or Jaunty?

Thanks,

James

Changed in pgp4pine:
status: New → Incomplete
Neil Perry (nperry) wrote :

This bug is still marked as Incomplete, so we are now going to close this bug report. Please upgrade to the latest release, Karmic 9.10. If this bug is still reproducible, please reopen the bug by setting the status to New. Thanks

Changed in pgp4pine (Ubuntu):
status: Incomplete → Invalid
Tomas Pospisek (tpo-deb) wrote :

The bug still exists in Karmic. Debian has a patch in its bug tracker.

Mind you, this is also a security issue.

I haven't looked into the code for a while but I remember that there were more overflows than the patch that's provided in the Debian bug report.

Changed in pgp4pine (Ubuntu):
status: Invalid → New
Neil Perry (nperry) wrote :
summary: - stack smashing detected
+ buffer overflow in parsing routines' from `Aborts when running with -r
+ flag
Changed in pgp4pine (Ubuntu):
status: New → Confirmed
Changed in pgp4pine (Debian):
status: New → Fix Released