Your message dated Sat, 22 Oct 2022 13:06:21 +0000
with message-id <e1omecj-00fbhy...@fasolo.debian.org>
and subject line Bug#947425: fixed in incron 0.5.12-3
has caused the Debian Bug report #947425,
regarding incron crashes in IncronTabEntry::GetSafePath due to use-after-free 
bug
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
947425: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947425
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: incron
Version: 0.5.12-1
Severity: grave
Tags: security patch upstream

Hi,

incron crashes for me frequently. As incron runs as root, but is controllable
by users, this bug might be security-relevant, so I'm reporting it at severity
grave and tagging it security.  Please downgrade if you can rule out this
concern.

Further investigation shows that the problem is caused by the creation of new
directories within watched paths: these trigger a reload of the inotify watch
target, rendering the old watch structure invalid. Only after the reload,
potential commands are executed. This may require getting the path of the event, but
the corresponding pointer is invalid after the reload.

Attached is a patch that extracts the path before the reload, making this
problem disappear for me. Note that the patch assumes that LOOPER is not
defined, which seems to be the case for the Debian package.

Backtrace for reference:

bt full
#0  0x004ba484 in IncronTabEntry::GetSafePath (rPath=<error: Cannot access 
memory at address 0x7475612f>) at /usr/include/c++/8/bits/basic_string.h:1046
        i = 0
        stream = <incomplete type>
        len = 1919509615
#1  0x004c43f3 in UserTable::OnEvent (this=<optimized out>, rEvt=...) at 
inotify-cxx.h:428
        px = 40
        pW = 0x1fbde40
        pE = 0x1fbc920
        events = "IN_CREATE,IN_ISDIR"
        cmd = "/home/user/autoscripts/imageresize.sh "
        cs = "/home/user/autoscripts/imageresize.sh $@/$# $# $%"
        pos = 39
        oldpos = 0
        len = <optimized out>
        pid = <optimized out>
#2  0x004c4767 in EventDispatcher::ProcessEvents (this=<optimized out>) at 
usertable.cpp:110
        pIn = 0x1fc7d24
        it = {first = 1702521203, second = 0x1fc0072}
        i = 2
        pipe = false
        evt = {m_uMask = 1073742080, m_uCookie = 0, m_name = "Neuer Ordner", 
m_pWatch = 0x1fbde40}
#3  0x004b8650 in main (argc=<optimized out>, argv=<optimized out>) at 
icd-main.cpp:458
        res = <optimized out>
        wm = 10184
        in = {m_fd = 6, m_watches = std::map with 2 elements = {[1] = 
0xbfc8ab40, [2] = 0xbfc8ab68}, m_paths = std::map with 2 elements = {
            ["/etc/incron.d"] = 0xbfc8ab40, ["/var/spool/incron"] = 
0xbfc8ab68}, m_buf = '\000' <repeats 29450 times>..., m_events = std::deque 
with 0 elements}
        stw = {m_path = "/etc/incron.d", m_uMask = 10184, m_wd = 1, m_pInotify 
= 0xbfc8ab90, m_fEnabled = true}
        utw = {m_path = "/var/spool/incron", m_uMask = 10184, m_wd = 2, 
m_pInotify = 0xbfc8ab90, m_fEnabled = true}
        ed = {m_iPipeFd = 4, m_iMgmtFd = 6, m_pIn = 0xbfc8ab90, m_pSys = 
0xbfc8ab40, m_pUser = 0xbfc8ab68, m_maps = std::map with 1 element = {[8] = 
0x1fc7d20}, 
          m_size = 3, m_pPoll = 0x1fbe080}
        cfg = "/etc/incron.conf"
        lckdir = "/var/run"
        lckfile = "incrond"
        app = {m_path = "/var/run/incrond.pid", m_fLocked = true}
        ret = 0
        sysBase = "/etc/incron.d"
        userBase = "/var/spool/incron"

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.19.0-6-686-pae (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages incron depends on:
ii  adduser              3.118
ii  init-system-helpers  1.56+nmu1
ii  libc6                2.28-10
ii  libgcc1              1:8.3.0-6
ii  libstdc++6           8.3.0-6
ii  lsb-base             10.2019051400

incron recommends no packages.

incron suggests no packages.

-- Configuration Files:
/etc/incron.allow [Errno 13] Keine Berechtigung: '/etc/incron.allow'
/etc/incron.deny [Errno 13] Keine Berechtigung: '/etc/incron.deny'

-- no debconf information
diff --git a/usertable.cpp b/usertable.cpp
index 3f1ef4a..bdc7f29 100644
--- a/usertable.cpp
+++ b/usertable.cpp
@@ -370,6 +370,8 @@ void UserTable::OnEvent(InotifyEvent& rEvt)
 {
   InotifyWatch* pW = rEvt.GetWatch();
   IncronTabEntry* pE = FindEntry(pW);
+
+  std::string pWPath = pW->GetPath();
 
   // no entry found - this shouldn't occur
   if (pE == NULL)
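Review bot: `std::string pWPath = pW->GetPath();` sits above the `pE == NULL` check and dereferences `pW` with no guard in the visible lines, so the copy is also made on the "no entry found" path that exits early. Consider moving the copy to just after that check and adding a one-line comment saying the path is copied because the watch can be invalidated by a reload later in this function. The `p` prefix on `pWPath` also reads as a pointer while the variable is a `std::string` value; a name such as `watchPath` would be clearer.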
@@ -422,7 +424,7 @@ void UserTable::OnEvent(InotifyEvent& rEvt)
       else {
         cmd.append(cs.substr(oldpos, pos-oldpos));
         if (cs[px] == '@') {          // base path
-          cmd.append(IncronTabEntry::GetSafePath(pW->GetPath()));
+          cmd.append(IncronTabEntry::GetSafePath(pWPath));
           oldpos = pos + 2;
         }
         else if (cs[px] == '#') {     // file name
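Review bot: only the `pW->GetPath()` call in the `@` branch is replaced, so any other use of `pW` in `UserTable::OnEvent` that runs after the reload would still touch the stale watch. The report itself says the patch assumes `LOOPER` is not defined, which suggests a code path under that define is left as it was. It would be worth checking every remaining `pW->` access below the reload point in this function and switching each one to a value captured up front, as done here with `pWPath`.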

--- End Message ---
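The ordering problem described in the report above, as an added example that is not incron's code and not part of the original message: a constructed model in which a reload replaces the watch objects while an event is being handled. `Watch`, `Table`, `on_event` and the sample paths are hypothetical names, and `std::weak_ptr` is used here only to make the stale handle observable without undefined behaviour.

```cpp
#include <map>
#include <memory>
#include <string>

// Constructed model: a watch owned by a table that can be rebuilt
// ("reloaded") while an event for the old watch is still in flight.
struct Watch { std::string path; };

class Table {
public:
    int add(const std::string& path) {
        watches_[next_] = std::make_shared<Watch>(Watch{path});
        return next_++;
    }
    std::weak_ptr<Watch> find(int wd) const {
        auto it = watches_.find(wd);
        if (it == watches_.end()) return std::weak_ptr<Watch>();
        return it->second;
    }
    // Recreate every watch, as happens when a new directory appears
    // under a watched path. The previous objects are destroyed.
    void reload() {
        std::map<int, std::shared_ptr<Watch>> fresh;
        for (const auto& kv : watches_)
            fresh[kv.first] = std::make_shared<Watch>(Watch{kv.second->path});
        watches_.swap(fresh);  // old objects die when `fresh` leaves scope
    }
private:
    std::map<int, std::shared_ptr<Watch>> watches_;
    int next_ = 1;
};

struct Result { std::string cmd; bool handle_stale; };

// Handler in the order the patch establishes: copy the path, then reload,
// then build the command from the copy. handle_stale reports whether the
// handle obtained before the reload still refers to a live object.
Result on_event(Table& t, int wd, bool is_new_dir) {
    std::weak_ptr<Watch> handle = t.find(wd);
    std::shared_ptr<Watch> w = handle.lock();
    if (!w) return {"", true};          // unknown watch: nothing to run
    std::string base = w->path;         // value copy while the watch is alive
    w.reset();                          // keep no ownership across the reload
    if (is_new_dir) t.reload();
    return {"resize.sh " + base, handle.expired()};
}
```

With a raw pointer in place of `handle`, the state reported as `handle_stale == true` is the one in which reading the path after the reload would access freed memory.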
--- Begin Message ---
Source: incron
Source-Version: 0.5.12-3
Done: Emmanuel Bouthenot <kol...@debian.org>

We believe that the bug you reported is fixed in the latest version of
incron, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot <kol...@debian.org> (supplier of updated incron package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Tue, 18 Oct 2022 16:38:29 +0000
Source: incron
Architecture: source
Version: 0.5.12-3
Distribution: unstable
Urgency: medium
Maintainer: Emmanuel Bouthenot <kol...@debian.org>
Changed-By: Emmanuel Bouthenot <kol...@debian.org>
Closes: 947425 1021850
Changes:
 incron (0.5.12-3) unstable; urgency=medium
 .
   * Bump Standards-Version to 4.6.1.0
   * Switch debian/watch version to 4
   * Add a patch to fix FTBFS with gcc 11 (Closes: #1021850)
   * Add a patch to fix a segfault while using $@ in command to execute
     (Closes: #947425)

--- End Message ---
