group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #37668
[Bug 1865032] Re: [UBUNTU] zipl/libc: Fix potential buffer overflow in printf
** Changed in: ubuntu-z-systems
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1865032
Title:
[UBUNTU] zipl/libc: Fix potential buffer overflow in printf
Status in Ubuntu on IBM z Systems:
Fix Released
Status in s390-tools package in Ubuntu:
Fix Released
Status in s390-tools source package in Xenial:
Fix Released
Status in s390-tools source package in Bionic:
Fix Released
Status in s390-tools source package in Eoan:
Won't Fix
Status in s390-tools source package in Focal:
Fix Released
Bug description:
[Impact]
* Crash of the zipl boot loader during boot.
* due to printf buffer overflow in zipl/libc implementation
[Test Case]
* Use printf to print a string with >81 characters
(exact number depends on the stack layout/compiler used).
[Where problems could occur]
* regressions in zipl could break the booting on IBM Z, in certain scenarios
* the package is only available on s390x and thus could only affect IBM Z machines
[Other Info]
* Patches provided by IBM
* In addition to the 4 commit IDs from the original description, I needed to include part of another upstream commit, to add the "memmove()" function. This was taken from: https://github.com/ibm-s390-tools/s390-tools/commit/e764f460c457ab2a6000acb5f2eb7169866ce192
=== Original Description ===
Description: zipl/libc: Fix potential buffer overflow in printf
Symptom: Crash of the zipl boot loader during boot.
Problem: The zipl boot loaders have their own minimalistic libc
implementation. In it printf and sprintf use vsprintf for string
formatting. Per definition vsprintf assumes that the buffer it
writes to is large enough to contain the formatted string and
performs no size checks. This is problematic for the boot
loaders because the buffer they use are often allocated on the
stack. Thus even small changes to the string format can
potentially cause buffer overflows on the stack.
Solution: Implement vsnprintf and make use of it.
Reproduction: Use printf to print a string with >81 characters (exact number
depends on the stack layout/compiler used).
Upstream commit(s) for s390-tools:
6fe9e6c55c69c14971dca55551009f5060418aae
8874b908254c47c8a6fd7a1aca2c7371c11035c4
f7430027b41d5ad6220e962a179c2a5213330a44
36fed0e6c6590631c4ce1707c8fe3c3397bcce4d
Problem was introduced with version 1.24. Therefore these patches need
to be applied to all distros in service.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1865032/+subscriptions