Package: sysstat
Version: 11.6.0-1
Followup-For: Bug #883863
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu bionic ubuntu-patch

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

*** /tmp/tmpNGiBTg/bug_body

In Ubuntu, the attached patch was applied to achieve the following:

Ubuntu decided to use the full upstream patch for this issue (including patching the read_filesystem function in rd_stats.c).

  * Add 15-yet-another-mtab-reading-fix.patch to handle another case of unsafe mtab reading. (LP: #1720627)

Thanks for considering the patch.

diff -Nru sysstat-11.6.0/debian/control sysstat-11.6.0/debian/control --- sysstat-11.6.0/debian/control 2017-11-16 10:43:50.000000000 +0100 +++ sysstat-11.6.0/debian/control 2017-12-06 16:29:31.000000000 +0100 @@ -1,8 +1,7 @@ Source: sysstat Section: admin Priority: optional -Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> -XSBC-Original-Maintainer: Robert Luberda <rob...@debian.org> +Maintainer: Robert Luberda <rob...@debian.org> Build-Depends: debhelper (>= 10), gettext, libsensors4-dev, pkg-config Standards-Version: 4.1.0 Homepage: http://pagesperso-orange.fr/sebastien.godard/ diff -Nru sysstat-11.6.0/debian/patches/15-yet-another-mtab-reading-fix.patch sysstat-11.6.0/debian/patches/15-yet-another-mtab-reading-fix.patch --- sysstat-11.6.0/debian/patches/15-yet-another-mtab-reading-fix.patch 1970-01-01 01:00:00.000000000 +0100 +++ sysstat-11.6.0/debian/patches/15-yet-another-mtab-reading-fix.patch 2017-12-06 16:29:31.000000000 +0100 
@@ -0,0 +1,91 @@ +Description: Handle segmantation fault while reading /etc/mtab + A segmentation fault may happen with "sadc -S DISK..." or + "sadc -S XDISK..." when lines longer than 512 bytes are read from + /etc/mtab. + + Such lines are possible for instance when overlay2 filesystem + with docker is used. In such a case a single mtab entry can look + like this (note that new line characters were added for readability, + the original entry contained only one '\n' at the end): + + overlay /var/lib/docker/overlay2/f23d2377a67b9ab1b49555ecd09b2ccdc03 + 7e0ee5d9e54f87e59f07f4398e71f/merged overlay rw,relatime,lowerdir=/v + ar/lib/docker/overlay2/l/L6VKIYXWBQSJ5R7V35SS43R6Y6:/var/lib/docker/ + overlay2/l/UCCHKGXUJPWCMLHR36IZJNNIQP:/var/lib/docker/overlay2/l/RKV + YEXD2FH65FTMK76RDWPLESX:/var/lib/docker/overlay2/l/DX4JZRKTFP2GOO4V6 + OWQ6CPJFY:/var/lib/docker/overlay2/l/6CYNWDKADUPPDZJ5IHOH2R7Y5S:/var + /lib/docker/overlay2/l/JTPINUZIATXADL6XWFHG2OYGSF:/var/lib/docker/ov + erlay2/l/OTSTIV5TTRHF4IUD7BODQ2FUON:/var/lib/docker/overlay2/l/QFNH3 + EFS5EZGRTC4DPHU3PJ4TU:/var/lib/docker/overlay2/l/ZOOUKT2E5U4CSLP57Z7 + MXYX5CD:/var/lib/docker/overlay2/l/3LUU6IDR2HWPTVBARC5K6XSMRC:/var/l + ib/docker/overlay2/l/XOHYBP4RWXQKQZ43I7JKG24KE4:/var/lib/docker/over + lay2/l/MN5M5B7AY5LPXQQC6V2MBJWWBF:/var/lib/docker/overlay2/l/3DRMKQ3 + 4AIZD2AROU3TVK3OCUT:/var/lib/docker/overlay2/l/73ZXDHBV6C53Q3SPXA57E + OLGHU:/var/lib/docker/overlay2/l/C2IZBQ55EUTGEAAORSLE73ZPNM:/var/lib + /docker/overlay2/l/ITHARNV7RPWN5S3BCZ2QDMZIMJ:/var/lib/docker/overla + y2/l/TQKUV4LEG4AFUUCMFHHRLDBHAH:/var/lib/docker/overlay2/l/N75JZWPPD + EKJ4DTN4GMEGTDIZL:/var/lib/docker/overlay2/l/QGUUYAETPMK643DG3AKWJAI + IZA,upperdir=/var/lib/docker/overlay2/f23d2377a67b9ab1b49555ecd09b2c + cdc037e0ee5d9e54f87e59f07f4398e71f/diff,workdir=/var/lib/docker/over + lay2/f23d2377a67b9ab1b49555ecd09b2ccdc037e0ee5d9e54f87e59f07f4398e71 + f/work 0 0 + + The crash occurs in the get_filesystem_nr() and read_filesystem() + 
functions which call strchr(line, ' ') but fail to check if the result + is not NULL. + + This patch adds this check, and when a single mtab entry requires more + that one call to fgets() (i.e. the entry is longer than 512 bytes), it + ignores outcome of the second and following calls. + . + sysstat (11.6.0-1ubuntu2) bionic; urgency=medium + . + * Add 15-yet-another-mtab-reading-fix.patch to handle another case of + unsafe mtab reading. (LP: #1720627) +Origin: upstream, https://github.com/sysstat/sysstat/commit/d40c8ecc530303d7e802617f21a9ac85dbcd68bd +Bug-Ubuntu: https://launchpad.net/bugs/1720627 +Last-Update: 2017-12-06 + +--- sysstat-11.6.0.orig/rd_stats.c ++++ sysstat-11.6.0/rd_stats.c +@@ -2097,7 +2097,8 @@ void read_filesystem(struct stats_filesy + { + FILE *fp; + char line[512], fs_name[128], mountp[256]; +- int fs = 0; ++ int fs = 0, skip = 0, skip_next = 0; ++ char *pos = 0; + struct stats_filesystem *st_filesystem_i; + struct statvfs buf; + +@@ -2105,7 +2106,21 @@ void read_filesystem(struct stats_filesy + return; + + while ((fgets(line, sizeof(line), fp) != NULL) && (fs < nbr)) { ++ /* ++ * Ignore line if the preceding line did not contain '\n'. ++ * (Some very long lines may be found for instance when ++ * overlay2 filesystem with docker is used). ++ */ ++ skip = skip_next; ++ skip_next = (strchr(line, '\n') == NULL); ++ if (skip) ++ continue; ++ + if (line[0] == '/') { ++ /* Find field separator position */ ++ pos = strchr(line, ' '); ++ if (pos == NULL) ++ continue; + + /* Read current filesystem name */ + sscanf(line, "%127s", fs_name); +@@ -2118,7 +2133,7 @@ void read_filesystem(struct stats_filesy + * from the fs name. This will result in a bogus name + * and following statvfs() function will always fail. 
+ */ +- sscanf(strchr(line, ' ') + 1, "%255s", mountp); ++ sscanf(pos + 1, "%255s", mountp); + + /* Replace octal codes */ + oct2chr(mountp); diff -Nru sysstat-11.6.0/debian/patches/series sysstat-11.6.0/debian/patches/series --- sysstat-11.6.0/debian/patches/series 2017-11-16 10:43:50.000000000 +0100 +++ sysstat-11.6.0/debian/patches/series 2017-12-06 16:29:31.000000000 +0100 @@ -8,3 +8,4 @@ 13-remove-sccsid.patch 14-fix-mtab-reading.patch fix-00-byte-after-values-when-human-is-not-set.patch +15-yet-another-mtab-reading-fix.patch
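
Review bot: The debian/control hunk changes only the Maintainer and XSBC-Original-Maintainer fields, which is unrelated to the mtab fix the message describes and looks like a by-product of diffing the Ubuntu and Debian packages. Dropping it from the submission would leave just the new patch file and the debian/patches/series entry, which is all that is needed to apply the fix.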
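
Review bot: The Description header of 15-yet-another-mtab-reading-fix.patch has two typos: "segmantation" in its first line should be "segmentation", and "more that one call to fgets()" should be "more than one call". It also names get_filesystem_nr() as a crash site, while the rd_stats.c change carried in this file touches only read_filesystem(); a sentence saying where get_filesystem_nr() is handled would remove the ambiguity. The trailing "sysstat (11.6.0-1ubuntu2) bionic; urgency=medium" changelog stanza inside the Description is Ubuntu-specific and could be trimmed for the Debian copy.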
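
Review bot: In the rd_stats.c part, the result of sscanf(pos + 1, "%255s", mountp) is still unchecked after the change, and mountp is declared without an initialiser. A line that starts with '/' and has only whitespace after its first space therefore passes the new pos == NULL test, leaves mountp unchanged, and hands stale or uninitialised data to oct2chr(mountp). Suggest skipping the entry with continue unless that sscanf returns 1, in the same way the patch now skips lines that contain no space at all.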