[Bug 1808092] [NEW] Checking and handling various filetypes in fmt

Snahil Singh 1808092 at bugs.launchpad.net
Wed Dec 12 04:41:13 UTC 2018


*** This bug is a security vulnerability ***

Public security bug reported:

fmt doesn't check filetypes of the input arguments passed to it; it just
opens the file and reads from it without checking its st_mode. It only
throws an error if the file doesn't exist and can't handle the following
filetypes - S_IFCHR, S_IFBLK and S_IFBLK. Passing a file from any of
these types will possibly hang or crash the application.

For more reference, please visit the link below:
(https://github.com/pkmoore/rrapper/blob/master/anomalies/weird_filetypes.md)

I have attached a patch that checks for the above-mentioned filetypes and handles them accordingly.
Please let me know if you have any questions or suggestions regarding this; I will be happy to answer them.

Thank you
Snahil Singh 
ss11381 at nyu.edu

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: coreutils 8.28-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-39.42-generic 4.15.18
Uname: Linux 4.15.0-39-generic i686
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: i386
CurrentDesktop: XFCE
Date: Tue Dec 11 20:01:58 2018
ExecutablePath: /usr/bin/fmt
InstallationDate: Installed on 2018-11-07 (35 days ago)
InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release i386 (20180426)
SourcePackage: coreutils
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: coreutils (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug bionic i386

** Patch added: "Patch to check and handle filetypes in fmt"
   https://bugs.launchpad.net/bugs/1808092/+attachment/5221538/+files/fmt.patch

** Information type changed from Private Security to Public Security
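
The check the report asks for, as an added example that is not part of the original message and is not the attached fmt.patch (which is not shown on this page). The names input_kind, classify_fd and open_checked are hypothetical, and accepting only regular files is an assumed policy; the example also reports directories and other types, which goes beyond the types the report names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Names below are hypothetical, chosen for this example. */
enum input_kind { IN_REG, IN_CHR, IN_BLK, IN_DIR, IN_OTHER, IN_ERR };

/* Classify an open descriptor by the file type bits of st_mode. */
enum input_kind classify_fd(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return IN_ERR;
    if (S_ISREG(st.st_mode)) return IN_REG;
    if (S_ISCHR(st.st_mode)) return IN_CHR;   /* S_IFCHR */
    if (S_ISBLK(st.st_mode)) return IN_BLK;   /* S_IFBLK */
    if (S_ISDIR(st.st_mode)) return IN_DIR;
    return IN_OTHER;                          /* FIFO, socket, ... */
}

/* Return a readable fd for a regular file, or -1 with *kind saying why not.
   Assumed policy: only regular files are accepted. */
int open_checked(const char *path, enum input_kind *kind)
{
    /* O_NONBLOCK keeps open() itself from blocking on a FIFO or device;
       O_NOCTTY stops a terminal from becoming the controlling tty.
       O_NONBLOCK has no effect on regular-file reads, so it is not cleared. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0) { *kind = IN_ERR; return -1; }
    /* fstat() on the descriptor, not stat() on the path, so the object
       checked is the object that will be read (no check/use race). */
    *kind = classify_fd(fd);
    if (*kind != IN_REG) { close(fd); return -1; }
    return fd;
}

int main(int argc, char **argv)
{
    static const char *why[] = { "regular file", "character device",
        "block device", "directory", "unsupported file type", "cannot open" };
    for (int i = 1; i < argc; i++) {
        enum input_kind k;
        int fd = open_checked(argv[i], &k);
        printf("%s: %s\n", argv[i], why[k]);
        if (fd >= 0) close(fd);
    }
    return 0;
}
```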
