Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package rlinetd, which is a priority extra package with quite a low popcon. Version 0.8.2-2 fixes the following three bugs:

1. Ubuntu bug#1057645 [1], which might be quite important for users who increase the system-wide limit of open file descriptors or who plan to use the more recent version of glibc that will be released with wheezy. Previous versions of rlinetd used to overwrite the buffer used by the FD_* macros by the number of available file descriptors minus 1024 bytes. This would be one byte on most systems. However, if glibc 1.15 or later is installed, this one byte will cause rlinetd to crash due to a hardening check introduced in that version of glibc [2].

2. Ubuntu bug#1057663 [3] - the script responsible for converting /etc/inetd.conf to the rlinetd configuration file format didn't understand the udp4, udp6, tcp4 and tcp6 keywords.

3. Debian bug#691778 [4] - postinst/postrm failed to add/remove rlinetd diversions under non-English locales.

While preparing the changes I was trying to make them as small as possible. Please take a look at the attached patch and unblock the package for testing.

unblock rlinetd/0.8.2-2

Thanks,
robert

[1] https://bugs.launchpad.net/ubuntu/+source/rlinetd/+bug/1057645
[2] https://github.com/rbdixon/glibc/blob/master/debug/fdelt_chk.c#L24
[3] https://bugs.launchpad.net/ubuntu/+source/rlinetd/+bug/1057663
[4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691778

-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (990, 'unstable'), (200, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.5-trunk-686-pae (SMP w/1 CPU core)
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/dash
Comparing rlinetd_0.8.2-1.dsc rlinetd_0.8.2-2.dsc diff -Nru rlinetd-0.8.2/debian/changelog rlinetd-0.8.2/debian/changelog --- rlinetd-0.8.2/debian/changelog 2012-02-26 13:00:45.000000000 +0100 +++ rlinetd-0.8.2/debian/changelog 2012-12-10 22:47:53.000000000 +0100 @@ -1,3 +1,18 @@ +rlinetd (0.8.2-2) unstable; urgency=low + + * Add 1-Fix-fd_set-overflow.patch to fix fd_set buffer overflows caught + by new glibc 1.15 hardening checks (LP: #105764) + The fd_set buffers used by FD_ISSET, FD_SET, FD_CLR macros used to be + overwritten usually by 1 byte or more in rare cases on systems where + open file descriptors limit is greater than FD_SETSIZE. + * Add 2-Add-udp4-to-inetd2rlinetd.patch to support protocols like udp4, + tcp6 in inetd2rlinetd (LP: #1057663). + * postinst, postrm: Fix installing/removing diversions (closes: #691778). + The scripts fail to parse output of `dpkg-divert --list', when it is + localized, so enforce non-localized output by setting LC_ALL=C. + + -- Robert Luberda <rob...@debian.org> Mon, 10 Dec 2012 22:47:43 +0100 + rlinetd (0.8.2-1) unstable; urgency=low * New upstream version. diff -Nru rlinetd-0.8.2/debian/patches/1-Fix-fd_set-overflow.patch rlinetd-0.8.2/debian/patches/1-Fix-fd_set-overflow.patch --- rlinetd-0.8.2/debian/patches/1-Fix-fd_set-overflow.patch 1970-01-01 01:00:00.000000000 +0100 +++ rlinetd-0.8.2/debian/patches/1-Fix-fd_set-overflow.patch 2012-12-10 22:47:53.000000000 +0100 
@@ -0,0 +1,99 @@ +From: Robert Luberda <rob...@debian.org> +Date: Sun, 9 Dec 2012 23:04:47 +0100 +Subject: 1 Fix fd_set overflow + +Fix fd_set buffer overflows (LP: #1057645) + +Make sure that FD_ISSET, FD_SET, FD_CLR macros are called with proper +arguments not to overflow the fd_set buffers. Especially use FD_SETSIZE +instead of getdtablesize() as the upper bound of loops that iterate over +fd_sets and fix stop conditions of such loops in engine.c. + +According to select(2) man page, an fd_set is a fixed-size buffer, +and the above macros require the passed file descriptor argument +to be lower than FD_SETSIZE. glibc started checking the above condition +in its version 1.15 if _FORTIFY_SOURCE is defined, causing rlinetd +to crash (see the call stacks in LP#1057645). +--- + src/engine.c | 10 ++++------ + src/grammar.c | 5 ++--- + src/grammar.y | 5 ++--- + 3 files changed, 8 insertions(+), 12 deletions(-) + +diff --git a/src/engine.c b/src/engine.c +index 273fc44..07f61ce 100644 +--- a/src/engine.c ++++ b/src/engine.c +@@ -165,22 +165,20 @@ void main_loop() { + + void listeners_set(int j) { + fd_set *fds; +- int i, bound; ++ int i; + +- bound = getdtablesize(); + fds = fdsettab_get(j); +- for(i = 0; i <= bound; i++) ++ for(i = 0; i < FD_SETSIZE; i++) + if(FD_ISSET(i, fds)) + FD_SET(i, &rfds); + } + + void listeners_clear(int j) { + fd_set *fds; +- int i, bound; ++ int i; + +- bound = getdtablesize(); + fds = fdsettab_get(j); +- for(i = 0; i <= bound; i++) ++ for(i = 0; i < FD_SETSIZE; i++) + if(FD_ISSET(i, fds)) + FD_CLR(i, &rfds); + } +diff --git a/src/grammar.c b/src/grammar.c +index 4585e87..4d9c5ee 100644 +--- a/src/grammar.c ++++ b/src/grammar.c +@@ -1957,7 +1957,7 @@ yyreduce: + struct opmetalist *parent; + struct opmetalist *onexit; + struct oplist *ops; +- int i, bound; ++ int i; + int fds; + fd_set *fdst; + +@@ -2060,8 +2060,7 @@ yyreduce: + free(ops); + + fdst = fdsettab_get(fds); +- bound = getdtablesize(); +- for(i = 0; i < bound; i++) ++ for(i = 0; i < 
FD_SETSIZE; i++) + if(FD_ISSET(i, fdst)) + read_hook(i, oplisttab_get(current_service->run), NULL); + +diff --git a/src/grammar.y b/src/grammar.y +index dd68d7e..2018f81 100644 +--- a/src/grammar.y ++++ b/src/grammar.y +@@ -269,7 +269,7 @@ service: T_SERVICE T_QSTRING '{' service_elements '}' + struct opmetalist *parent; + struct opmetalist *onexit; + struct oplist *ops; +- int i, bound; ++ int i; + int fds; + fd_set *fdst; + +@@ -372,8 +372,7 @@ service: T_SERVICE T_QSTRING '{' service_elements '}' + free(ops); + + fdst = fdsettab_get(fds); +- bound = getdtablesize(); +- for(i = 0; i < bound; i++) ++ for(i = 0; i < FD_SETSIZE; i++) + if(FD_ISSET(i, fdst)) + read_hook(i, oplisttab_get(current_service->run), NULL); + diff -Nru rlinetd-0.8.2/debian/patches/2-Add-udp4-to-inted2rlinetd.patch rlinetd-0.8.2/debian/patches/2-Add-udp4-to-inted2rlinetd.patch --- rlinetd-0.8.2/debian/patches/2-Add-udp4-to-inted2rlinetd.patch 1970-01-01 01:00:00.000000000 +0100 +++ rlinetd-0.8.2/debian/patches/2-Add-udp4-to-inted2rlinetd.patch 2012-12-10 22:47:53.000000000 +0100 
@@ -0,0 +1,46 @@ +From: Robert Luberda <rob...@debian.org> +Date: Sun, 9 Dec 2012 22:35:58 +0100 +Subject: 2 Add udp4 to inted2rlinetd + +inetd2rlinetd: Add support for udp4 and similar protocols (LP: #1057663) + +Apply patch from Ubuntu LP#1057663 to handle protocols ending with IP +version, like udp4 or tcp6, from /etc/inetd.conf. +--- + scripts/inetd2rlinetd.in | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/scripts/inetd2rlinetd.in b/scripts/inetd2rlinetd.in +index 781e726..abdbcbf 100755 +--- a/scripts/inetd2rlinetd.in ++++ b/scripts/inetd2rlinetd.in +@@ -94,6 +94,7 @@ sub add_single_line { + my $gid = ""; + my $rpcvers = ""; + my $instances = ""; ++ my $family = ""; + my $name = $1; + my $proto = $2; + my $wait = $3; +@@ -111,7 +112,12 @@ sub add_single_line { + } + } + +- &warn(sprintf(_g("unknown protocol: %s\n; skipping service %s"), $proto, $name)) && return ++ if($proto =~ /^(udp|tcp)(4|6)$/) { ++ $proto = $1; ++ $family = "ipv".$2; ++ } ++ ++ &warn(sprintf(_g("unknown protocol: %s; skipping service %s\n"), $proto, $name)) && return + unless ($proto eq "udp" || $proto eq "tcp"); + + if($uid =~ /^(.+)\.(.+)$/) { +@@ -137,6 +143,7 @@ sub add_single_line { + $out .= "service \"${name}_${proto}\" {\n"; + $out .= "\tenabled $enabled;\n"; + $out .= "\tprotocol $proto;\n"; ++ $out .= "\tfamily $family;\n" if ($family); + $out .= "\tport \"$name\";\n" unless ($rpcvers); + $out .= "\tuser \"$uid\";\n"; + $out .= "\texec \"$exec\";\n"; diff -Nru rlinetd-0.8.2/debian/patches/series rlinetd-0.8.2/debian/patches/series --- rlinetd-0.8.2/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ rlinetd-0.8.2/debian/patches/series 2012-12-10 22:47:53.000000000 +0100 
@@ -0,0 +1,2 @@ +1-Fix-fd_set-overflow.patch +2-Add-udp4-to-inted2rlinetd.patch diff -Nru rlinetd-0.8.2/debian/postinst rlinetd-0.8.2/debian/postinst --- rlinetd-0.8.2/debian/postinst 2012-02-26 13:00:45.000000000 +0100 +++ rlinetd-0.8.2/debian/postinst 2012-12-10 22:47:53.000000000 +0100 @@ -11,7 +11,7 @@ divert() { - if ! dpkg-divert --list "$1$2" | grep -q diversion; then + if ! LC_ALL=C dpkg-divert --list "$1$2" | grep -q diversion; then dpkg-divert --package rlinetd --quiet --rename --add \ --divert "$1.real$2" "$1$2" fi @@ -19,7 +19,7 @@ undivert() { - if dpkg-divert --list "$1$2" | grep -q 'diversion.*rlinetd'; then + if LC_ALL=C dpkg-divert --list "$1$2" | grep -q 'diversion.*rlinetd'; then if [ -f "$1$2" ] ; then echo "WARNING: saving $1$2 as $1$2.saved_by_rlientd" 1>&2 mv -f "$1$2" "$1$2.saved_by_rlientd" diff -Nru rlinetd-0.8.2/debian/postrm rlinetd-0.8.2/debian/postrm --- rlinetd-0.8.2/debian/postrm 2012-02-26 13:00:45.000000000 +0100 +++ rlinetd-0.8.2/debian/postrm 2012-12-10 22:47:53.000000000 +0100 @@ -6,7 +6,7 @@ undivert() { - if dpkg-divert --list "$1$2" | grep -q 'diversion.*rlinetd'; then + if LC_ALL=C dpkg-divert --list "$1$2" | grep -q 'diversion.*rlinetd'; then dpkg-divert --package rlinetd --quiet --rename --remove \ --divert "$1.real$2" "$1$2" fi
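Review bot: In the debian/changelog entry, the first bullet closes "LP: #105764", while the patch header and the request text give the bug as #1057645. The last digit looks dropped, so the changelog would point at a different Launchpad bug. Suggest "(LP: #1057645)".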
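Review bot: In src/engine.c, listeners_set() and listeners_clear(), bounding the loops with "i < FD_SETSIZE" stops the reads past the end of the set, but none of the hunks touches the code that first places a descriptor into the sets returned by fdsettab_get() or into rfds. If the open file descriptor limit is above FD_SETSIZE, a descriptor numbered FD_SETSIZE or higher could still reach FD_SET there. Suggest an explicit "fd >= FD_SETSIZE" rejection with a log message where descriptors are added, or a sentence in the patch header confirming that such a check already exists.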
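Review bot: src/grammar.c receives the same two hunks as src/grammar.y, and its hunk context ("yyreduce:") suggests it is the parser generated from grammar.y. Patching both by hand leaves them free to drift apart. Suggest either regenerating grammar.c from the patched grammar.y at build time, or stating in the patch header that the generated file is shipped and has to be kept in sync.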
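Review bot: In scripts/inetd2rlinetd.in, hunk at -111, the string passed to _g() changes from "unknown protocol: %s\n; skipping service %s" to "unknown protocol: %s; skipping service %s\n". The new wording is the right one, but if _g() is the gettext lookup, the changed string no longer matches existing translations, so localized users would get the English message until the catalogs are refreshed. Worth a line in the patch header or the changelog.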
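Review bot: In scripts/inetd2rlinetd.in, hunk at -137, the service name is still built as "${name}_${proto}" after $proto has been reduced to plain udp or tcp, so an inetd.conf with both a tcp4 and a tcp6 line for the same service yields two service blocks with the same name that differ only in the new family line. Suggest including $family in the name when it is set, or noting in the patch header that identical service names are accepted.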
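Review bot: debian/patches/series lists "2-Add-udp4-to-inted2rlinetd.patch" (spelled "inted"), but the changelog entry names the file "2-Add-udp4-to-inetd2rlinetd.patch". Either rename the patch file together with its series line, or correct the changelog so the two agree.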
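Review bot: In debian/postinst, divert(), the test still depends on the word "diversion" appearing in human-readable dpkg-divert output. LC_ALL=C pins the language, but "grep -q diversion" also matches a diversion held by any other package, in which case the rlinetd diversion is never added. Consider dpkg-divert --listpackage "$1$2" and comparing the result with rlinetd, as a follow-up if it is too large a change for this upload.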
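An added example, not part of the original message or of rlinetd's code: the fd_set bound described in the request, shown as a guarded FD_SET next to the patched loop bound. The helper names (fdset_add_checked, fdset_merge, old_loop_overrun, poll_readable) are hypothetical, and old_loop_overrun counts out-of-range indexes rather than bytes.

```c
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper: FD_SET only when fd fits the fixed-size fd_set. */
static int fdset_add_checked(int fd, fd_set *set) {
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;               /* FD_SET would write outside the buffer */
    FD_SET(fd, set);
    return 0;
}

/* Merge src into dst using the patched loop bound; returns members copied. */
static int fdset_merge(fd_set *src, fd_set *dst) {
    int i, n = 0;
    for (i = 0; i < FD_SETSIZE; i++)
        if (FD_ISSET(i, src)) { FD_SET(i, dst); n++; }
    return n;
}

/* Indexes >= FD_SETSIZE that the old "i <= bound" loop in engine.c probed. */
static long old_loop_overrun(long bound) {
    return bound >= FD_SETSIZE ? bound - FD_SETSIZE + 1 : 0;
}

/* Poll one descriptor: 1 readable, 0 not readable, -1 rejected or error. */
static int poll_readable(int fd) {
    fd_set one, all;
    struct timeval tv = {0, 0};
    FD_ZERO(&one); FD_ZERO(&all);
    if (fdset_add_checked(fd, &one) != 0)
        return -1;               /* refuse instead of overflowing */
    fdset_merge(&one, &all);
    if (select(fd + 1, &all, NULL, NULL, &tv) < 0)
        return -1;
    return FD_ISSET(fd, &all) ? 1 : 0;
}

int main(void) {
    int p[2];
    if (pipe(p) != 0) return 1;
    printf("empty pipe: %d\n", poll_readable(p[0]));
    if (write(p[1], "x", 1) != 1) return 1;
    printf("after write: %d\n", poll_readable(p[0]));
    printf("fd == FD_SETSIZE: %d\n", poll_readable(FD_SETSIZE));
    return 0;
}
```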