[Bug 1084279] [NEW] buffer overflow crash in libgcrypt when open files > 1024

Tommy Odom tommy.odom at gmail.com
Wed Nov 28 23:05:34 UTC 2012


Public bug reported:

I am running JBoss with my open files set to > 1024 and when one of my
Java classes tries to access the printers it talks to libcups which uses
libgnutls which uses libgcrypt.  However, libgcrypt has some code that
is calling FD_SET on a file descriptor but that gets reported as a
buffer overflow because the file descriptor has a value of 1053 which is
greater than the FD_SETSIZE define of 1024.  This bug was fixed in
libgcrypt in September 2011 but does not appear in the patched version
of libgcrypt11 1.5.0 in Ubuntu 12.04.

The git commit in libgcrypt that fixes the problem is
061b11de60415e228f33599270d66aafe4b88d72 and can be viewed at:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=061b11de60415e228f33599270d66aafe4b88d72

I submitted the crash (I think; it's not entirely clear to me that it
did anything) using ubuntu-bug, which I guess went to the whoopsie
database or something.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgcrypt11 1.5.0-3ubuntu0.1
ProcVersionSignature: Ubuntu 3.2.0-27.43-generic 3.2.21
Uname: Linux 3.2.0-27-generic x86_64
ApportVersion: 2.0.1-0ubuntu11
Architecture: amd64
Date: Wed Nov 28 17:57:12 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
MarkForUpload: True
ProcEnviron:
 LANGUAGE=en_US:
 TERM=xterm-256color
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: libgcrypt11
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: libgcrypt11 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug precise

** Description changed:

- Description:	Ubuntu 12.04 LTS
- Release:	12.04
- 
- libgcrypt11:
-   Installed: 1.5.0-3ubuntu0.1
-   Candidate: 1.5.0-3ubuntu0.1
-   Version table:
-  *** 1.5.0-3ubuntu0.1 0
-         500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
-         100 /var/lib/dpkg/status
-      1.5.0-3 0
-         500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
- 
  I am running JBoss with my open files set to > 1024 and when one of my
  Java classes tries to access the printers it talks to libcups which uses
  libgnutls which uses libgcrypt.  However, libgcrypt has some code that
  is calling FD_SET on a file descriptor but that gets reported as a
  buffer overflow because the file descriptor has a value of 1053 which is
  greater than the FD_SETSIZE define of 1024.  This bug was fixed in
  libgcrypt in September 2011 but does not appear in the patched version
  of libgcrypt11 1.5.0 in Ubuntu 12.04.
  
  The git commit in libgcrypt that fixes the problem is
  061b11de60415e228f33599270d66aafe4b88d72 and can be viewed at:
  
  http://git.gnupg.org/cgi-
  bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=061b11de60415e228f33599270d66aafe4b88d72
  
  I submitted the crash (I think it's not entirely clear to me it did
  anything) using ubuntu-bug which I guess went to the whoopsie database
  or something.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libgcrypt11 1.5.0-3ubuntu0.1
  ProcVersionSignature: Ubuntu 3.2.0-27.43-generic 3.2.21
  Uname: Linux 3.2.0-27-generic x86_64
  ApportVersion: 2.0.1-0ubuntu11
  Architecture: amd64
  Date: Wed Nov 28 17:57:12 2012
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
  MarkForUpload: True
  ProcEnviron:
-  LANGUAGE=en_US:
-  TERM=xterm-256color
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  LANGUAGE=en_US:
+  TERM=xterm-256color
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: libgcrypt11
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libgcrypt11 in Ubuntu.
https://bugs.launchpad.net/bugs/1084279
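
The failure mode described in the report, as an added example (not code from the bug report and not the libgcrypt fix): a select() wrapper that refuses descriptors at or above FD_SETSIZE, next to a poll() wrapper that has no such limit. The function names are hypothetical and the pipe on fd 1053 is a constructed scenario.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() with the bounds check the crashing pattern lacks: an fd_set has
 * FD_SETSIZE bits (1024 here), so FD_SET(1053, ...) would write outside it. */
int wait_readable_select(int fd, int timeout_ms)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EBADF;  /* not representable in an fd_set */
        return -1;
    }
    fd_set rfds;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    return select(fd + 1, &rfds, NULL, NULL, &tv);
}

/* poll() takes the descriptor as a plain int, so FD_SETSIZE does not apply. */
int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    return poll(&p, 1, timeout_ms);
}

/* Constructed scenario: put the read end of a pipe on fd 1053 or above.
 * Returns poll()'s result (1 = readable), -1 if the guard failed to reject
 * the descriptor, or -2 if the fd limit does not allow such a descriptor. */
int high_fd_demo(void)
{
    struct rlimit rl;
    int p[2], hi, guarded, polled;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < 2048) {
        rl.rlim_cur = rl.rlim_max < 2048 ? rl.rlim_max : 2048;
        setrlimit(RLIMIT_NOFILE, &rl);  /* best effort */
    }
    if (pipe(p) != 0) return -2;
    hi = fcntl(p[0], F_DUPFD, 1053);    /* lowest free fd >= 1053 */
    if (hi < 0) { close(p[0]); close(p[1]); return -2; }
    guarded = wait_readable_select(hi, 0);
    polled = (write(p[1], "x", 1) == 1) ? wait_readable_poll(hi, 0) : -1;
    close(hi); close(p[0]); close(p[1]);
    return guarded == -1 ? polled : -1;
}
```
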
