Discussion forum about ELOG
very long subject cause buffer overflow, posted by Stefano Lacaprara on Tue Apr 14 13:26:50 2020
    Re: very long subject cause buffer overflow, posted by Stefano Lacaprara on Thu Apr 16 10:07:18 2020
       Re: very long subject cause buffer overflow, posted by Stefan Ritt on Thu Apr 16 10:11:13 2020
                 ... subject erased ..., posted by Stefan Ritt on Thu Apr 16 11:03:03 2020
                    ... subject erased ..., posted by Stefano Lacaprara on Thu Apr 16 11:12:32 2020
Message ID: 69140     Entry time: Thu Apr 16 10:27:18 2020     In reply to: 69139
Icon: Reply  Author: Stefano Lacaprara  Author Email: stefano.lacaprara@pd.infn.it 
Category: Bug report  OS: Linux  ELOG Version: ELOG V3.1.3- 
Subject: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate v 
> indeed, I'll try to move to ELOG V3.1.4-80633ba
> 
> > My try on this server ->> see the subject

I've tried with elog-3.1.4-2 and git version, and I still have the same problem. 
If I compile with make debug, it works.

Is there anything I can do to help debug the problem?

thanks for your help

S

compiling git master w/o debug, but running in gdb


gdb ~/elog/elogd
(gdb) run -f /var/run/elog.pid -c /etc/elog.conf -d /var/lib/elog/logbooks -s /usr/share/elog -v 3 -x
... [opening elogbook demo with an entry with lorem ipsum as subject] 

*** buffer overflow detected ***: /root/elog/elogd terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7ffff781b7e5]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7ffff78bd15c]
/lib/x86_64-linux-gnu/libc.so.6(+0x117160)[0x7ffff78bb160]
/lib/x86_64-linux-gnu/libc.so.6(+0x1166c9)[0x7ffff78ba6c9]
/lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0x80)[0x7ffff781f6b0]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x139b)[0x7ffff77f250b]
/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x84)[0x7ffff78ba754]
/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7ffff78ba6ad]
/root/elog/elogd[0x44c86a]
/root/elog/elogd[0x4799e0]
/root/elog/elogd[0x496018]
/root/elog/elogd[0x4962a6]
/root/elog/elogd[0x49864e]
/root/elog/elogd[0x49b1f8]
/root/elog/elogd[0x4038c7]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7ffff77c4830]
/root/elog/elogd[0x404509]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
0x00007ffff77d9428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.

(gdb) where
#0  0x00007ffff77d9428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff77db02a in __GI_abort () at abort.c:89
#2  0x00007ffff781b7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff793349f "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff78bd15c in __GI___fortify_fail (msg=<optimized out>, msg@entry=0x7ffff7933430 "buffer overflow detected") at fortify_fail.c:37
#4  0x00007ffff78bb160 in __GI___chk_fail () at chk_fail.c:28
#5  0x00007ffff78ba6c9 in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at vsprintf_chk.c:31
#6  0x00007ffff781f6b0 in __GI__IO_default_xsputn (f=0x7ffffff36d90, data=<optimized out>, n=1499) at genops.c:455
#7  0x00007ffff77f250b in _IO_vfprintf_internal (s=s@entry=0x7ffffff36d90, format=<optimized out>, format@entry=0x4b66bf "Style %s %s", ap=ap@entry=0x7ffffff36ec8) at vfprintf.c:1632
#8  0x00007ffff78ba754 in ___vsprintf_chk (
    s=0x7ffffff376a0 "Style Subject Lorem ipsum dolor sit amet, ut solum conceptam dissentiet per, affert argumentum te pro. Dicta tractatos intellegebat an ius. Mei munere soleat voluptatum cu, at vidit scriptorem consect"..., flags=1, slen=1500, format=0x4b66bf "Style %s %s", args=args@entry=0x7ffffff36ec8) at vsprintf_chk.c:82
#9  0x00007ffff78ba6ad in ___sprintf_chk (s=<optimized out>, flags=<optimized out>, slen=<optimized out>, format=<optimized out>) at sprintf_chk.c:31
#10 0x000000000044c86a in display_line ()
#11 0x00000000004799e0 in show_elog_list ()
#12 0x0000000000496018 in interprete ()
#13 0x00000000004962a6 in decode_get ()
#14 0x000000000049864e in process_http_request ()
#15 0x000000000049b1f8 in server_loop ()
#16 0x00000000004038c7 in main ()
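
The backtrace shows display_line() reaching sprintf() with the format "Style %s %s" and a 1500-byte destination (slen=1500), which an over-long subject overruns. The C sketch below is an added example, not ELOG source and not part of the original post: it contrasts that unbounded pattern with a length-checked snprintf(); the function names and the filler subject are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Destination size taken from slen=1500 in frame #8 of the trace. */
#define STYLE_BUF_SIZE 1500

/* Unbounded pattern matching the trace (hypothetical name, not ELOG code):
 * correct only if "Style " + attr + " " + value fits in dst. */
void style_key_unbounded(char *dst, const char *attr, const char *value)
{
    sprintf(dst, "Style %s %s", attr, value);
}

/* Bytes needed for the formatted key, including the terminating NUL. */
size_t style_key_needed(const char *attr, const char *value)
{
    int n = snprintf(NULL, 0, "Style %s %s", attr, value);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded form: returns 0 if the key fit, -1 if it was truncated or failed.
 * On truncation dst holds a NUL-terminated prefix; nothing lands past dstsz. */
int style_key_bounded(char *dst, size_t dstsz,
                      const char *attr, const char *value)
{
    int n = snprintf(dst, dstsz, "Style %s %s", attr, value);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Constructed input: a subject of len filler bytes, formatted with the
 * bounded function into a STYLE_BUF_SIZE buffer. */
int try_subject_of_length(size_t len)
{
    static char subject[4096];
    char key[STYLE_BUF_SIZE];
    if (len >= sizeof subject)
        return -2;
    memset(subject, 'x', len);
    subject[len] = '\0';
    return style_key_bounded(key, sizeof key, "Subject", subject);
}

int main(void)
{
    /* "Style Subject " is 14 bytes, so 1485 filler bytes still fit. */
    printf("len 1485 -> %d\n", try_subject_of_length(1485));
    printf("len 1486 -> %d\n", try_subject_of_length(1486));
    return 0;
}
```

glibc enables the __sprintf_chk check seen in the backtrace only in optimized builds with _FORTIFY_SOURCE set, so an unoptimized build can perform the same overflow without aborting; that would be consistent with the "make debug" observation if that target disables optimization (an assumption about the Makefile).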