NetBSD Problem Report #55809
From adrian@mx.aik.onl Tue Nov 17 10:40:05 2020
Return-Path: <adrian@mx.aik.onl>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 14E7A1A921F
for <gnats-bugs@gnats.NetBSD.org>; Tue, 17 Nov 2020 10:40:05 +0000 (UTC)
Message-Id: <20201117103455.9026827222@www3.kiess.onl>
Date: Tue, 17 Nov 2020 11:34:55 +0100 (CET)
From: adrian@mx.aik.onl
Reply-To: adrian@kiess.onl
To: gnats-bugs@NetBSD.org
Subject: Webalizer segfaults on NetBSD 9.0 and NetBSD 9.1
X-Send-Pr-Version: 3.95
>Number: 55809
>Category: pkg
>Synopsis: Webalizer from pkgsrc-2020Q2 and pkgsrc-2020Q3 binaries segfaults on NetBSD 9 and NetBSD 9.1
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bsiegert
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Nov 17 10:45:00 +0000 2020
>Closed-Date: Sat Feb 20 14:37:59 +0000 2021
>Last-Modified: Sat Feb 20 14:40:01 +0000 2021
>Originator: Adrian Immanuel Kiess
>Release: NetBSD 9.1
>Organization:
>Environment:
System: NetBSD www3.kiess.onl 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
The Webalizer binaries from pkgsrc-2020Q2 and pkgsrc-2020Q3 on NetBSD 9 and NetBSD 9.1/amd64 segfault after a working period of one month.
The error received in /var/log/messages is as follows:
Nov 17 09:00:00 www3 -: www3.kiess.onl webalizer - - - buffer overflow detected; terminated
Nov 17 10:00:00 www3 -: www3.kiess.onl webalizer - - - buffer overflow detected; terminated
The error received by running webalizer at the console is as follows:
Webalizer V2.21-02 (NetBSD 9.1 amd64) English
Using logfile /var/log/httpd/access_log (clf)
Creating output in /var/www/base/webalizer
Hostname for reports is 'www3.kiess.onl'
Reading history file... webalizer.hist
Reading previous run data.. webalizer.current
Saving current run data... [11/17/2020 11:26:07]
zsh: abort (core dumped) webalizer
I already got the hint on IRC that this may be a security concern automatically detected by the pkgsrc build system.
The error starts to appear after the first new month of the Apache2 access_log is reached.
>How-To-Repeat:
Install webalizer from pkgsrc binaries and run it against the Apache2 logfile until a new month is reached. I tried both incremental and single Apache2 access_log files.
>Fix:
No fix is known to me.
>Release-Note:
>Audit-Trail:
From: Benny Siegert <bsiegert@gmail.com>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: pkg/55809: Webalizer segfaults on NetBSD 9.0 and NetBSD 9.1
Date: Thu, 26 Nov 2020 16:21:49 +0100
Yes, this indicates a buffer overflow, which is a security issue. This
is something that you should report upstream.
That said, the pkgsrc package is an older version, and version 2.23-08
(released in 2013!) says in the release notes that it fixes a buffer
overflow.
Responsible-Changed-From-To: pkg-manager->bsiegert
Responsible-Changed-By: bsiegert@NetBSD.org
Responsible-Changed-When: Thu, 26 Nov 2020 16:09:45 +0000
Responsible-Changed-Why:
take
State-Changed-From-To: open->feedback
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Thu, 26 Nov 2020 16:09:45 +0000
State-Changed-Why:
I updated webalizer to 2.23-08. Does the issue still occur?
From: "Benny Siegert" <bsiegert@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/55809 CVS commit: pkgsrc/www/webalizer
Date: Thu, 26 Nov 2020 16:08:13 +0000
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Nov 26 16:08:13 UTC 2020
Modified Files:
pkgsrc/www/webalizer: Makefile distinfo
pkgsrc/www/webalizer/patches: patch-ad
Log Message:
Update webalizer to latest 2.23-08 (from 2013).
Perhaps this contains a fix for the buffer overflows seen in PR pkg/55809.
Fixes:
o Fix sporadic eol problem with some IIS/W3C logs
o Fix compiler directive syntax error (broke some 64 bit systems)
Changes/Additions:
o Modest speed improvements in hash table code
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 pkgsrc/www/webalizer/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/webalizer/distinfo
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/webalizer/patches/patch-ad
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Adrian Immanuel Kieß <adrian@kiess.onl>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/55809: Webalizer segfaults on NetBSD 9.0 and NetBSD 9.1
Date: Mon, 07 Dec 2020 09:05:54 +0100
Dear Maintainer,
mlelstv on the IRC channel #NetBSD built me a new version of webalizer
from pkgsrc-current for NetBSD 9.1/amd64 to try things out.
I installed the new version of webalizer.
But the "bug" is still there. I know it is not really a bug, more a
security concern.
The problem occurs when running webalizer against a webalizer.hist
file with 2 or more months written to it.
After removing my webalizer.hist, the new webalizer also works fine.
I will let it run until a new month (January 2021) begins and see if
the bug happens again.
You can reproduce the bug with a webalizer.hist file in the webalizer
working directory with two or more months of history written to it.
I have attached the webalizer.hist that causes this trouble to this
e-mail. You can try running webalizer with that example file.
Thank you very much for your reply.
Sincerely,
Adrian Kieß
[Attachment webalizer.hist.20201207 (base64-encoded history file) omitted]
From: Adrian Immanuel Kieß <adrian@kiess.onl>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/55809: Webalizer segfaults on NetBSD 9.0 and NetBSD 9.1
Date: Wed, 06 Jan 2021 07:37:57 +0100
Dear Maintainer,
I have run webalizer again against my Apache2 logfiles, and after
the first new month is reached, the buffer overflow detected error
happens again.
From my /var/log/messages:
Jan 6 07:00:00 www3 -: www3.kiess.onl webalizer - - - buffer overflow detected; terminated
Sincerely,
Adrian Kieß.
From: Adrian Immanuel Kieß <adrian@kiess.onl>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/55809: Webalizer segfaults on NetBSD 9.0 and NetBSD 9.1
Date: Wed, 06 Jan 2021 11:52:50 +0100
Dear Maintainer,
mlelstv and dave0 on the Freenode IRC channel #NetBSD helped me to
debug this problem.
We ran gdb against the core file of webalizer and spotted the error in
the function update_history() from preserve.c.
We replaced the memcpy() calls inside update_history() and
get_history() with memmove().
After these changes were made, the resulting webalizer binary ran
without coredumping and produced the second month of history/usage
statistics.
I have attached the patch to preserve.c as an attachment to this e-mail.
Sincerely,
Adrian Kieß
[Attachment preserve.c.diff.txt (base64-encoded) omitted; the same patch is pasted in plain text in the message of Sun, 24 Jan 2021 below]
From: Adrian Immanuel Kieß <adrian@kiess.onl>
To: gnats-bugs@netbsd.org, pkg-manager@netbsd.org, gnats-admin@netbsd.org,
pkgsrc-bugs@netbsd.org
Cc:
Subject: Re: pkg/55809: Webalizer segfaults on NetBSD 9.0 and NetBSD 9.1
Date: Sun, 24 Jan 2021 09:41:11 +0100
Dear Maintainer,
I sent the patch as an attachment to my last e-mail for this
particular issue.
Since the attachment got encoded, I insert a URL to the patch and
paste the patch here in this e-mail.
With this patch, Webalizer won't suffer from the bug I described in
the first e-mail.
URL to the patch for the preserve.c from Webalizer:
https://www3.aik.onl/guests/adrian/tmp/pkgsrc-webalizer-preserve.c.diff.txt
The patch for preserve.c as plaintext:
--- preserve.c.orig 2021-01-06 10:31:49.653319696 +0100
+++ preserve.c.new 2021-01-06 11:41:49.268647137 +0100
@@ -109,7 +109,13 @@ void get_history()
yr = hist[i].year;
mth= hist[i].month+1;
if (mth>12) { mth=1; yr++; }
- memcpy(&hist[0], &hist[1], sizeof(hist[0])*i);
+
+
/**
+
* memcpy of overlapping arguments is undefined
behaviour -- change to memmove
+
*
+ * memcpy(&hist[0], &hist[1],
sizeof(hist[0])*i);
+
*/
+ memmove(&hist[0], &hist[1],
sizeof(hist[0])*i);
memset(&hist[i], 0, sizeof(struct hist_rec));
hist[i].year=yr; hist[i].month=mth; n--;
}
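Review bot: the new comment block in get_history() keeps the old call `memcpy(&hist[0], &hist[1], sizeof(hist[0])*i);` as commented-out text, indented with a mix of tabs and spaces that does not line up with the surrounding code; drop the dead call (the diff already records what was replaced) and keep a one-line note such as `/* &hist[0] and &hist[1] overlap for i > 1: memmove, not memcpy */`. The substance of the change is right: the source `&hist[1]` and destination `&hist[0]` share `sizeof(hist[0])*(i-1)` bytes whenever i > 1, which is what the fortified memcpy() rejected with the "buffer overflow detected; terminated" abort seen in the report (an overlap check, not an out-of-bounds write), and memmove() is defined for overlapping regions.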
@@ -277,7 +283,12 @@ void update_history()
yr = hist[i].year;
mth= hist[i].month+1;
if (mth>12) { mth=1; yr++; }
- memcpy(&hist[0],&hist[1],sizeof(hist[0])*i);
+ /**
+
* memcpy of overlapping arguments is undefined behaviour -- change to
memmove
+
*
+
* memcpy(&hist[0],&hist[1],sizeof(hist[0])*i);
+
**/
+
memmove(&hist[0],&hist[1],sizeof(hist[0])*i);
memset(&hist[i], 0, sizeof(struct hist_rec));
hist[i].year=yr; hist[i].month=mth; n--;
}
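Review bot: this copy of the comment closes with `**/` while the get_history() hunk closes with `*/`, and the wording is wrapped across lines (`change to` / `memmove`) with yet another indentation; make both hunks carry the same short one-line comment. Beyond style, the shift-and-clear sequence (`memmove(&hist[0],&hist[1],sizeof(hist[0])*i);`, `memset(&hist[i], 0, sizeof(struct hist_rec));`, set year and month, `n--`) is now duplicated verbatim between get_history() and update_history(); a small static helper taking `hist` and `i` would give one place to keep the overlap-safe copy and make a later regression to memcpy() in only one of the two callers harder.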
Thank you very much for your kind attention.
Sincerely,
Adrian Kiess
State-Changed-From-To: feedback->closed
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Sat, 20 Feb 2021 14:37:59 +0000
State-Changed-Why:
Patch committed, thanks!
From: "Benny Siegert" <bsiegert@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/55809 CVS commit: pkgsrc/www/webalizer
Date: Sat, 20 Feb 2021 14:37:24 +0000
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Feb 20 14:37:24 UTC 2021
Modified Files:
pkgsrc/www/webalizer: Makefile distinfo
Added Files:
pkgsrc/www/webalizer/patches: patch-preserve.c
Log Message:
webalizer: fix crashes
Use memmove instead of memcpy with overlapping arguments. Patch from
Adrian Immanuel Kiess in PR pkg/55809.
To generate a diff of this commit:
cvs rdiff -u -r1.72 -r1.73 pkgsrc/www/webalizer/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/webalizer/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/www/webalizer/patches/patch-preserve.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
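Why the fortified memcpy() aborts on the history roll-over and why memmove() is the right replacement, shown as an added example. This is my code, not webalizer's or pkgsrc's: the simplified struct hist_rec, the 12-slot history, the hit counts used as markers, and the overlap check that stands in for the libc abort are all assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not webalizer's code. Assumptions: a cut-down hist_rec
 * (the real record has many more counters), a 12-slot history, and an
 * overlap check that models the fortified memcpy() wrapper behind the
 * "buffer overflow detected; terminated" message in the PR. */
#define HIST_SLOTS 12

struct hist_rec {
    int year;
    int month;
    unsigned long hits;   /* marker value so a test can see which slot moved */
};

/* Do the byte ranges [a, a+len) and [b, b+len) overlap?  A fortified
 * memcpy() aborts on exactly this condition; memmove() is defined for it. */
static int regions_overlap(const void *a, const void *b, size_t len)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (len == 0)
        return 0;
    return pa < pb ? (pb - pa) < len : (pa - pb) < len;
}

/* Shift hist[1..i] down into hist[0..i-1], the copy from preserve.c.
 * use_memmove == 0 models the pre-patch memcpy() path: the overlap check
 * stands in for the libc abort and refuses the copy (return -1), so this
 * demo never performs an undefined overlapping memcpy() itself. */
static int shift_down(struct hist_rec *hist, int i, int use_memmove)
{
    size_t len = sizeof(hist[0]) * (size_t)i;

    if (use_memmove) {
        memmove(&hist[0], &hist[1], len);   /* the patched call */
        return 0;
    }
    if (regions_overlap(&hist[0], &hist[1], len))
        return -1;                          /* libc would abort here */
    memcpy(&hist[0], &hist[1], len);        /* disjoint only when i <= 1 */
    return 0;
}

/* Constructed sample history: n consecutive months starting at year/month,
 * with hits = 1000 * (slot + 1). */
static void fill_history(struct hist_rec *hist, int n, int year, int month)
{
    memset(hist, 0, sizeof(*hist) * HIST_SLOTS);
    for (int k = 0; k < n; k++) {
        hist[k].year = year;
        hist[k].month = month;
        hist[k].hits = 1000UL * (unsigned long)(k + 1);
        if (++month > 12) { month = 1; year++; }
    }
}

/* The roll-over step from the patched hunks: note the month following
 * slot i, shift the older slots down, then open slot i for the new month.
 * Returns 0 on success, -1 if the (memcpy) copy was refused. */
static int roll_month(struct hist_rec *hist, int i, int use_memmove)
{
    int yr = hist[i].year, mth = hist[i].month + 1;
    if (mth > 12) { mth = 1; yr++; }
    if (shift_down(hist, i, use_memmove) != 0)
        return -1;
    memset(&hist[i], 0, sizeof(struct hist_rec));
    hist[i].year = yr;
    hist[i].month = mth;
    return 0;
}

/* Scenario from the PR: a full year of history (Jan..Dec 2020) rolled into
 * January 2021.  Returns 0 if the copy was refused, 1 if the shifted
 * history is correct, -1 if the data came out wrong. */
static int roll_full_year(int use_memmove)
{
    struct hist_rec hist[HIST_SLOTS];
    int i = HIST_SLOTS - 1;

    fill_history(hist, HIST_SLOTS, 2020, 1);
    if (roll_month(hist, i, use_memmove) != 0)
        return 0;
    for (int k = 0; k < i; k++)      /* slot k must now hold old slot k+1 */
        if (hist[k].hits != 1000UL * (unsigned long)(k + 2))
            return -1;
    if (hist[0].year != 2020 || hist[0].month != 2)
        return -1;
    if (hist[i].year != 2021 || hist[i].month != 1 || hist[i].hits != 0)
        return -1;
    return 1;
}

int main(void)
{
    printf("memcpy  path: %d (0 = copy refused, as the fortified libc does)\n",
           roll_full_year(0));
    printf("memmove path: %d (1 = history shifted correctly)\n",
           roll_full_year(1));
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run: the memcpy path reports 0 (the copy is refused, the demo's stand-in for the libc abort) and the memmove path reports 1. With only two months in the history (i = 1) the ranges are adjacent but disjoint and even the memcpy path succeeds, which matches the report that the crash only appears once more history has accumulated. Nothing in the original code wrote past the array; the message in /var/log/messages comes from the overlap check in the fortified memcpy() that pkgsrc-built binaries call, so the log text "buffer overflow" is the checker's generic wording rather than a description of the defect.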
>Unformatted:
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.