[Bug 1512554] [NEW] mdadm crash due to buffer overflow when device name is more than 30 chars

Sheng Yang 1512554 at bugs.launchpad.net
Tue Nov 3 02:28:20 UTC 2015


Public bug reported:

$ cat /etc/issue
Ubuntu 14.04.2 LTS \n \l

$ sudo mdadm --version
mdadm - v3.2.5 - 18th May 2012

$ sudo mdadm --create /dev/md/dcb0db3a-81c6-11e5-84e5-08002780734e --level=mirror --raid-devices 2 /dev/sdc /dev/sdd
mdadm: Note: this array has metadata at the start and
    may not be suitable as a boot device.  If you plan to
    store '/boot' on this device please ensure that
    your boot-loader understands md/v1.x metadata, or use
    --metadata=0.90
Continue creating array? yes
*** buffer overflow detected ***: ./mdadm terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7338f)[0x7fb5e493d38f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fb5e49d4c9c]
/lib/x86_64-linux-gnu/libc.so.6(+0x109b60)[0x7fb5e49d3b60]
./mdadm[0x42e045]
./mdadm[0x419873]
./mdadm[0x404fbb]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fb5e48ebec5]
./mdadm[0x40821a]

I tried a shorter name for the device, and if it's less than 30 characters, it
would be fine.

The weird thing is, I've tried to compile from
source (http://archive.ubuntu.com/ubuntu/pool/main/m/mdadm/mdadm_3.2.5.orig.tar.bz2
and apply the patches in
http://archive.ubuntu.com/ubuntu/pool/main/m/mdadm/mdadm_3.2.5-5ubuntu4.debian.tar.bz2
). It works well.

** Affects: mdadm (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1512554
