Bug #106564 for Proc-ProcessTable: NetBSD fix for Proc-ProcessTable-0.51

Wed Jun 29 09:10:11 2005 Guest - Ticket #13466: Ticket created

Subject:

Proc:ProccessTable does not compile under Fedora Core 4. Perl: buffer overflow detected.

Kernel version: 2.6.11-1.1381_FC5 Perl version: v5.8.6 Show quoted text

cpan> install Proc::ProcessTable

CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Database was generated on Mon, 27 Jun 2005 03:07:14 GMT CPAN: LWP::UserAgent loaded ok Fetching with LWP: ftp://cpan.cict.fr/pub/CPAN/authors/01mailrc.txt.gz Going to read /root/.cpan/sources/authors/01mailrc.txt.gz CPAN: Compress::Zlib loaded ok Fetching with LWP: ftp://cpan.cict.fr/pub/CPAN/modules/02packages.details.txt.gz Going to read /root/.cpan/sources/modules/02packages.details.txt.gz Database was generated on Mon, 27 Jun 2005 03:07:14 GMT Fetching with LWP: ftp://cpan.cict.fr/pub/CPAN/modules/03modlist.data.gz Going to read /root/.cpan/sources/modules/03modlist.data.gz Going to write /root/.cpan/Metadata Running install for module Proc::ProcessTable Running make for D/DU/DURIST/Proc-ProcessTable-0.39.tar.gz CPAN: Digest::MD5 loaded ok Checksum for /root/.cpan/sources/authors/id/D/DU/DURIST/Proc-ProcessTable-0.39.tar.gz ok Scanning cache /root/.cpan/build for sizes Proc-ProcessTable-0.39/ Proc-ProcessTable-0.39/PORTING Proc-ProcessTable-0.39/Process/ Proc-ProcessTable-0.39/Process/Makefile.PL Proc-ProcessTable-0.39/Process/Process.pm Proc-ProcessTable-0.39/hints/ Proc-ProcessTable-0.39/hints/svr5.pl Proc-ProcessTable-0.39/hints/netbsd.pl Proc-ProcessTable-0.39/hints/hpux.pl Proc-ProcessTable-0.39/hints/cygwin.pl Proc-ProcessTable-0.39/hints/aix_4_3.pl Proc-ProcessTable-0.39/hints/solaris.pl Proc-ProcessTable-0.39/hints/aix.pl Proc-ProcessTable-0.39/hints/aix_5.pl Proc-ProcessTable-0.39/hints/svr4.pl Proc-ProcessTable-0.39/hints/linux.pl Proc-ProcessTable-0.39/hints/irix.pl Proc-ProcessTable-0.39/hints/bsdi.pl Proc-ProcessTable-0.39/hints/dec_osf.pl Proc-ProcessTable-0.39/hints/freebsd.pl Proc-ProcessTable-0.39/hints/sunos.pl Proc-ProcessTable-0.39/hints/aix_4_2.pl Proc-ProcessTable-0.39/os/ Proc-ProcessTable-0.39/os/HPUX.c Proc-ProcessTable-0.39/os/cygwin.c Proc-ProcessTable-0.39/os/cygwin.h Proc-ProcessTable-0.39/os/FreeBSD.c Proc-ProcessTable-0.39/os/FreeBSD.h Proc-ProcessTable-0.39/os/NetBSD.c Proc-ProcessTable-0.39/os/NetBSD.h Proc-ProcessTable-0.39/os/aix_getprocs.c Proc-ProcessTable-0.39/os/aix.c Proc-ProcessTable-0.39/os/aix_getprocs.h Proc-ProcessTable-0.39/os/aix.h Proc-ProcessTable-0.39/os/SunOS.c Proc-ProcessTable-0.39/os/SunOS.h Proc-ProcessTable-0.39/os/UnixWare.c Proc-ProcessTable-0.39/os/IRIX.c Proc-ProcessTable-0.39/os/UnixWare.h Proc-ProcessTable-0.39/os/IRIX.h Proc-ProcessTable-0.39/os/Linux.c Proc-ProcessTable-0.39/os/DecOSF.c Proc-ProcessTable-0.39/os/Linux.h Proc-ProcessTable-0.39/os/DecOSF.h Proc-ProcessTable-0.39/os/Solaris.c Proc-ProcessTable-0.39/os/Solaris.h Proc-ProcessTable-0.39/os/bsdi.c Proc-ProcessTable-0.39/os/bsdi.h Proc-ProcessTable-0.39/README.linux Proc-ProcessTable-0.39/Makefile.PL Proc-ProcessTable-0.39/README.hpux Proc-ProcessTable-0.39/example.pl Proc-ProcessTable-0.39/ProcessTable.pm Proc-ProcessTable-0.39/TODO Proc-ProcessTable-0.39/MANIFEST Proc-ProcessTable-0.39/Killfam.pm Proc-ProcessTable-0.39/README.aix Proc-ProcessTable-0.39/Changes Proc-ProcessTable-0.39/README.cygwin Proc-ProcessTable-0.39/ProcessTable.xs Proc-ProcessTable-0.39/README.dec_osf Proc-ProcessTable-0.39/README Proc-ProcessTable-0.39/README.netbsd Proc-ProcessTable-0.39/README.sunos Proc-ProcessTable-0.39/README.freebsd Proc-ProcessTable-0.39/README.bsdi Proc-ProcessTable-0.39/README.solaris Proc-ProcessTable-0.39/Killall.pm Proc-ProcessTable-0.39/README.unixware Proc-ProcessTable-0.39/t/ Proc-ProcessTable-0.39/t/process.t Removing previously used /root/.cpan/build/Proc-ProcessTable-0.39 CPAN.pm: Going to build D/DU/DURIST/Proc-ProcessTable-0.39.tar.gz Checking if your kit is complete... Looks good Processing hints file hints/linux.pl Writing Makefile for Proc::ProcessTable::Process Writing Makefile for Proc::ProcessTable cp Killall.pm blib/lib/Proc/Killall.pm cp ProcessTable.pm blib/lib/Proc/ProcessTable.pm cp example.pl blib/lib/Proc/example.pl cp Killfam.pm blib/lib/Proc/Killfam.pm make[1]: Entering directory `/root/.cpan/build/Proc-ProcessTable-0.39/Process' cp Process.pm ../blib/lib/Proc/ProcessTable/Process.pm AutoSplitting ../blib/lib/Proc/ProcessTable/Process.pm (../blib/lib/auto/Proc/ProcessTable/Process) Manifying ../blib/man3/Proc::ProcessTable::Process.3pm make[1]: Leaving directory `/root/.cpan/build/Proc-ProcessTable-0.39/Process' /usr/bin/perl /usr/lib/perl5/5.8.6/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.6/ExtUtils/typemap ProcessTable.xs > ProcessTable.xsc && mv ProcessTable.xsc ProcessTable.c gcc -c -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables -DVERSION=\"0.39\" -DXS_VERSION=\"0.39\" -fPIC "-I/usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE" ProcessTable.c gcc -c -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables -DVERSION=\"0.39\" -DXS_VERSION=\"0.39\" -fPIC "-I/usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE" OS.c Running Mkbootstrap for Proc::ProcessTable () chmod 644 ProcessTable.bs rm -f blib/arch/auto/Proc/ProcessTable/ProcessTable.so gcc -shared -L/usr/local/lib OS.o ProcessTable.o -o blib/arch/auto/Proc/ProcessTable/ProcessTable.so \ \ chmod 755 blib/arch/auto/Proc/ProcessTable/ProcessTable.so cp ProcessTable.bs blib/arch/auto/Proc/ProcessTable/ProcessTable.bs chmod 644 blib/arch/auto/Proc/ProcessTable/ProcessTable.bs Manifying blib/man3/Proc::ProcessTable.3pm Manifying blib/man3/Proc::Killall.3pm Manifying blib/man3/Proc::Killfam.3pm /usr/bin/make -- OK Running make test make[1]: Entering directory `/root/.cpan/build/Proc-ProcessTable-0.39/Process' make[1]: Leaving directory `/root/.cpan/build/Proc-ProcessTable-0.39/Process' PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/process....*** buffer overflow detected ***: /usr/bin/perl terminated ======= Backtrace: ========= /lib/libc.so.6(__chk_fail+0x41)[0x762565] /lib/libc.so.6(__strcpy_chk+0x3f)[0x761bf7] /root/.cpan/build/Proc-ProcessTable-0.39/blib/arch/auto/Proc/ProcessTable/ProcessTable.so(OS_get_table+0xac)[0xb0604b] /root/.cpan/build/Proc-ProcessTable-0.39/blib/arch/auto/Proc/ProcessTable/ProcessTable.so(XS_Proc__ProcessTable_table+0x1e1)[0xb07a6c] /usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE/libperl.so(Perl_pp_entersub+0x3a5)[0x8f398c] /usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE/libperl.so(Perl_runops_debug+0x141)[0x8d56e1] /usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE/libperl.so(perl_run+0x445)[0x887fe1] /usr/bin/perl(main+0x130)[0x80493f4] /lib/libc.so.6(__libc_start_main+0xc6)[0x698de6] /usr/bin/perl[0x8049241] ======= Memory map: ======== 00111000-0011a000 r-xp 00000000 09:00 15008823 /lib/libgcc_s-4.0.0-20050606.so.1 0011a000-0011b000 rwxp 00009000 09:00 15008823 /lib/libgcc_s-4.0.0-20050606.so.1 00666000-00680000 r-xp 00000000 09:00 15007815 /lib/ld-2.3.5.so 00680000-00681000 r-xp 00019000 09:00 15007815 /lib/ld-2.3.5.so 00681000-00682000 rwxp 0001a000 09:00 15007815 /lib/ld-2.3.5.so 00684000-007a8000 r-xp 00000000 09:00 15008778 /lib/libc-2.3.5.so 007a8000-007aa000 r-xp 00124000 09:00 15008778 /lib/libc-2.3.5.so 007aa000-007ac000 rwxp 00126000 09:00 15008778 /lib/libc-2.3.5.so 007ac000-007ae000 rwxp 007ac000 00:00 0 007b0000-007b2000 r-xp 00000000 09:00 15008832 /lib/libdl-2.3.5.so 007b2000-007b3000 r-xp 00001000 09:00 15008832 /lib/libdl-2.3.5.so 007b3000-007b4000 rwxp 00002000 09:00 15008832 /lib/libdl-2.3.5.so 007b6000-007d8000 r-xp 00000000 09:00 15008822 /lib/libm-2.3.5.so 007d8000-007d9000 r-xp 00021000 09:00 15008822 /lib/libm-2.3.5.so 007d9000-007da000 rwxp 00022000 09:00 15008822 /lib/libm-2.3.5.so 007dc000-007de000 r-xp 00000000 09:00 15008838 /lib/libutil-2.3.5.so 007de000-007df000 r-xp 00001000 09:00 15008838 /lib/libutil-2.3.5.so 007df000-007e0000 rwxp 00002000 09:00 15008838 /lib/libutil-2.3.5.so 00804000-00809000 r-xp 00000000 09:00 15008836 /lib/libcrypt-2.3.5.so 00809000-0080a000 r-xp 00004000 09:00 15008836 /lib/libcrypt-2.3.5.so 0080a000-0080b000 rwxp 00005000 09:00 15008836 /lib/libcrypt-2.3.5.so 0080b000-00832000 rwxp 0080b000 00:00 0 00834000-00843000 r-xp 00000000 09:00 15008788 /lib/libresolv-2.3.5.so 00843000-00844000 r-xp 0000e000 09:00 15008788 /lib/libresolv-2.3.5.so 00844000-00845000 rwxp 0000f000 09:00 15008788 /lib/libresolv-2.3.5.so 00845000-00847000 rwxp 00845000 00:00 0 00849000-0085b000 r-xp 00000000 09:00 15007872 /lib/libnsl-2.3.5.so 0085b000-0085c000 r-xp 00011000 09:00 15007872 /lib/libnsl-2.3.5.so 0085c000-0085d000 rwxp 00012000 09:00 15007872 /lib/libnsl-2.3.5.so 0085d000-0085f000 rwxp 0085d000 00:00 0 00861000-009a0000 r-xp 00000000 09:00 11077839 /usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE/libperl.so 009a0000-009ab000 rwxp 0013e000 09:00 11077839 /usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE/libperl.so 009ab000-009ad000 rwxp 009ab000 00:00 0 009fc000-00a05000 r-xp 00000000 09:00 11075782 /usr/lib/perl5/5.8.6/i386-linux-thread-multi/auto/List/Util/Util.so 00a05000-00a06000 rwxp 00008000 09:00 11075782 /usr/lib/perl5/5.8.6/i386-linux-thread-multi/auto/List/Util/Util.so 00b04000-00b09000 r-xp 00000000 09:00 12551195 /root/.cpan/build/Proc-ProcessTable-0.39/blib/arch/auto/Proc/ProcessTable/ProcessTable.so 00b09000-00b0a000 rwxp 00005000 09:00 12551195 /root/.cpan/build/Proc-ProcessTable-0.39/blib/arch/auto/Proc/ProcessTable/ProcessTable.so 00b6a000-00b78000 r-xp 00000000 09:00 15008824 /lib/libpthread-2.3.5.so 00b78000-00b79000 r-xp 0000d000 09:00 15008824 /lib/libpthread-2.3.5.so 00b79000-00b7a000 rwxp 0000e000 09:00 15008824 /lib/libpthread-2.3.5.so 00b7a000-00b7c000 rwxp 00b7a000 00:00 0 00ceb000-00cec000 r-xp 00ceb000 00:00 0 00e73000-00e75000 r-xp 00000000 09:00 11078735 /usr/lib/perl5/5.8.6/i386-linux-thread-multi/auto/Cwd/Cwd.so 00e75000-00e76000 rwxp 00002000 09:00 11078735 /usr/lib/perl5/5.8.6/i386-linux-thread-multi/auto/Cwd/Cwd.so 08048000-0804b000 r-xp 00000000 09:00 10984264 /usr/bin/perl 0804b000-0804d000 rw-p 00002000 09:00 10984264 /usr/bin/perl 09f17000-0a0a2000 rw-p 09f17000 00:00 0 [heap] b7d0c000-b7d2d000 rw-p b7d0c000 00:00 0 b7d2d000-b7f2d000 r--p 00000000 09:00 10980256 /usr/lib/locale/locale-archive b7f2d000-b7f30000 rw-p b7f2d000 00:00 0 b7f36000-b7f37000 rw-p b7f36000 00:00 0 bf8d0000-bf937000 rw-p bf8d0000 00:00 0 [stack] t/process....dubious Test returned status 0 (wstat 6, 0x6) DIED. FAILED tests 1-3 Failed 3/3 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/process.t 0 6 3 6 200.00% 1-3 Failed 1/1 test scripts, 0.00% okay. 3/3 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 255 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force

Thu Aug 20 11:37:21 2015 tk [...] giga.or.at - Ticket created

Subject:	NetBSD fix for Proc-ProcessTable-0.51
Date:	Thu, 20 Aug 2015 17:37:00 +0200
To:	bug-Proc-ProcessTable [...] rt.cpan.org
From:	Thomas Klausner <tk [...] giga.or.at>

Hi! Compiling with SSP shows that there is a buffer overflow when using strcpy to copy Defaultformat into format, because it is too small. F_LASTFIELD is 18 and 18 is the last used field, but the count starts from 0, so we need F_LASTFIELD+2 spaces in format (one extra for the terminating NUL). Please apply the attached patch, and check the other operating system support files too, only OpenBSD has a "+2". Thomas

Message body is not shown because sender requested not to inline it.

Sun Aug 23 05:34:11 2015 cpan [...] bargsten.org - Correspondence added

Thanks for reporting and providing the patch. I've commited it to the git repo. It will be part of the next release on CPAN. https://github.com/jwbargsten/perl-proc-processtable/commit/8d621e4e86bd4d202d9935be9c5c487a97928904

Sun Aug 23 05:34:12 2015 The RT System itself - Status changed from 'new' to 'open'

Sun Aug 23 05:34:19 2015 cpan [...] bargsten.org - Status changed from 'open' to 'resolved'

Sun Aug 23 11:36:01 2015 cpan [...] bargsten.org - Ticket #13466: Merged into ticket #106564

Sun Aug 23 11:36:01 2015 cpan [...] bargsten.org - Merged into ticket #106564