--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Buffer overflow in cpufreqd, patch attached
- From: Adam Conrad <adconrad@debian.org>
- Date: Sat, 04 Jan 2014 04:01:47 -0700
- Message-id: <20140104110147.1024.96832.reportbug@cthulhu>
Package: cpufreqd
Version: 2.4.2-2
Severity: important
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu trusty ubuntu-patch
In Ubuntu, the attached patch was applied to achieve the following:
* path_max.patch: Pull upstream patch to fix MAX_PATH_LEN (LP: #1162160)
This is a straight buffer overflow, detected by glibc when compiled
with FORTIFY_SOURCE (which is the default in Ubuntu, but not Debian,
which likely explains the lack of Debian bug reports about this one
so far).
The patch is a direct pull from upstream git, tested here, and seems
to correct the issue.
... Adam
-- System Information:
Debian Release: wheezy/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (500, 'saucy-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-0-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru cpufreqd-2.4.2/debian/changelog cpufreqd-2.4.2/debian/changelog
diff -Nru cpufreqd-2.4.2/debian/patches/path_max.patch cpufreqd-2.4.2/debian/patches/path_max.patch
--- cpufreqd-2.4.2/debian/patches/path_max.patch 1969-12-31 17:00:00.000000000 -0700
+++ cpufreqd-2.4.2/debian/patches/path_max.patch 2014-01-04 03:50:29.000000000 -0700
@@ -0,0 +1,35 @@
+From b5b23525edcc09898288360c48e92b4a6c9cb0ee Mon Sep 17 00:00:00 2001
+From: Perttu Luukko <perttu.luukko@iki.fi>
+Date: Sun, 13 Jun 2010 15:20:10 +0900
+Subject: [PATCH] Fix cpufreqd segfault when calling realpath
+
+The size is set at cpufreqd.h to 512. man 3 realpath tells me that
+realpath wants a buffer of size PATH_MAX, so I modified cpufreqd.h to
+include limits.h if it is present and use PATH_MAX.
+
+Signed-off-by: Mattia Dongili <malattia@linux.it>
+---
+ src/cpufreqd.h | 8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+
+diff --git a/src/cpufreqd.h b/src/cpufreqd.h
+index 9733a5f..97b905a 100644
+--- a/src/cpufreqd.h
++++ b/src/cpufreqd.h
+@@ -54,6 +54,12 @@
+ #define DEFAULT_VERBOSITY 3
+
+ #define MAX_STRING_LEN 255
+-#define MAX_PATH_LEN 512
++
++#ifdef HAVE_LIMITS_H
++#include <limits.h>
++#define MAX_PATH_LEN PATH_MAX
++#else
++#define MAX_PATH_LEN 512
++#endif
+
+ #endif /* __CPUFREQD_H__ */
+--
+1.7.2.5
+
diff -Nru cpufreqd-2.4.2/debian/patches/series cpufreqd-2.4.2/debian/patches/series
--- cpufreqd-2.4.2/debian/patches/series 2013-03-23 06:51:28.000000000 -0600
+++ cpufreqd-2.4.2/debian/patches/series 2014-01-04 03:51:17.000000000 -0700
@@ -1 +1,2 @@
619913.patch
+path_max.patch
--- End Message ---
--- Begin Message ---
Source: cpufreqd
Source-Version: 2.4.2-5
Done: Gianfranco Costamagna <locutusofborg@debian.org>
We believe that the bug you reported is fixed in the latest version of
cpufreqd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 734150@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <locutusofborg@debian.org> (supplier of updated cpufreqd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 27 Jul 2023 08:14:09 +0200
Source: cpufreqd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.2-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Gianfranco Costamagna <locutusofborg@debian.org>
Closes: 734150
Launchpad-Bugs-Fixed: 1162160
Changes:
cpufreqd (2.4.2-5) unstable; urgency=medium
.
* QA upload.
* Apply patch from upstream and Ubuntu to fix crash due to
MAX_PATH_LEN (LP: #1162160, Closes: #734150)
Thanks Adam Conrad <3
Checksums-Sha1:
6e699567bb04e8c5b7a2e03857f96c09c9eee1bb 1874 cpufreqd_2.4.2-5.dsc
1733b031f7e92e50c2d03de5925b3d29493040af 12464 cpufreqd_2.4.2-5.debian.tar.xz
3ba530fd44a33bcbf8f78c8336f6ba6175e40146 7794 cpufreqd_2.4.2-5_source.buildinfo
Checksums-Sha256:
5188e0a71b224fb7f7caf4970bb0580f6e95e2f274f1e1e692fd7efd6029784d 1874 cpufreqd_2.4.2-5.dsc
0a0a0ae75a9c5021befc51a0554ece3ab437e667a382753268e73f725b347359 12464 cpufreqd_2.4.2-5.debian.tar.xz
abf6237601b1029d56f847d4d90f37c4288cb33e1b1dc54c39ddbb497b773f80 7794 cpufreqd_2.4.2-5_source.buildinfo
Files:
27922c70ee0f75ac3eb649ad5050f335 1874 admin optional cpufreqd_2.4.2-5.dsc
3d95de9ea791f1cbc1cb03260937a564 12464 admin optional cpufreqd_2.4.2-5.debian.tar.xz
ff2faccdedf583f366f840569ffc3770 7794 admin optional cpufreqd_2.4.2-5_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAmTCC6cACgkQ808JdE6f
Xdm1iQ/9EMx2+vI88gK/5Dloziy/JEsbWdVl42PG2443dLkUvCXwETbttwKdJ9eT
3I6g0hWgXwm7kN9nXiNvE/AZOLYb66U+9e2653c5OYwhfkQh24fZXHTVCm4q+Juw
xWNbXNQhjz/QNUDQ9lXpie+YvUGE+bWJh7aa9+RdwW/JoqhXyvrhR0XSQRy1vqi+
lDTnISVM0xgcZSym7EkXTXK/JJP/E8GKy7VJRwerVSdZyMbyEmvp9N9YAksIuCcO
gGKdehZrJNjclEw3o7upVf9+m0AUhCqACpLN7IDUuVXbOPSA164aoJcV02SmHGJJ
I2tJPuUg0QJBKbgjf4mRsLHYzlUVaMiAZy5q0+OoSfXqQ8WYOJ17fNEhnnVl5C/5
oTd79mJvj9/KajNfzxpXURO3WpUg55UN7CQ8UOkMefAnIw21f5K2SIgJ1kQlVkQg
vk0B0klrnoARvhYO3ZWpw7xtPDq2e3Bmlhigh4zw+libov71QcG+hljCDRXEsk/5
MMVCwAfQZW8C/hd1ufzPLoTcFw3tQAJBB1I1jXkUPvfQp9gEy8XqnQiot+WqdR5l
i2BDjSRQIMsTaznHJoxep7qWSpmgNzyq5b9LbPsFDFjjjmfloJe7+LxCAfmbPPgF
/OF2YAo1Rov8Q+S98/K4L5OxOu78cADM5xmQo9w9G7cJQjb0e3U=
=cZ9t
-----END PGP SIGNATURE-----
--- End Message ---