[Bug 1837755] [NEW] usbrelay buffer overflows from argv

[jenna]

Public bug reported:

The program copies strings from argv into fixed size heap buffers with
unchecked strcpy.

https://salsa.debian.org/debian/usbrelay/blob/master/usbrelay.c#L60

$ usbrelay 1111111111 
*** buffer overflow detected ***: usbrelay terminated 
Aborted (core dumped)


$ lsb_release -rd
Description:    Ubuntu 18.04.2 LTS
Release:        18.04

$ apt-cache policy usbrelay
usbrelay:
  Installed: 0.2-1build1
  Candidate: 0.2-1build1
  Version table:
 *** 0.2-1build1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: ubuntu-release-upgrader-core 1:18.04.34
ProcVersionSignature: Ubuntu 4.18.0-25.26~18.04.1-generic 4.18.20
Uname: Linux 4.18.0-25-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CrashDB: ubuntu
CurrentDesktop: KDE
Date: Wed Jul 24 11:36:41 2019
InstallationDate: Installed on 2019-06-10 (43 days ago)
InstallationMedia: Kubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
PackageArchitecture: all
SourcePackage: ubuntu-release-upgrader
Symptom: release-upgrade
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: ubuntu-release-upgrader (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic dist-upgrade

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1837755

Title:
  usbrelay buffer overflows from argv

Status in ubuntu-release-upgrader package in Ubuntu:
  New

Bug description:
  The program copies strings from argv into fixed size heap buffers with
  unchecked strcpy.

  https://salsa.debian.org/debian/usbrelay/blob/master/usbrelay.c#L60

  $ usbrelay 1111111111 
  *** buffer overflow detected ***: usbrelay terminated 
  Aborted (core dumped)

  
  $ lsb_release -rd
  Description:    Ubuntu 18.04.2 LTS
  Release:        18.04

  $ apt-cache policy usbrelay
  usbrelay:
    Installed: 0.2-1build1
    Candidate: 0.2-1build1
    Version table:
   *** 0.2-1build1 500
          500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
          100 /var/lib/dpkg/status

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: ubuntu-release-upgrader-core 1:18.04.34
  ProcVersionSignature: Ubuntu 4.18.0-25.26~18.04.1-generic 4.18.20
  Uname: Linux 4.18.0-25-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.9-0ubuntu7.7
  Architecture: amd64
  CrashDB: ubuntu
  CurrentDesktop: KDE
  Date: Wed Jul 24 11:36:41 2019
  InstallationDate: Installed on 2019-06-10 (43 days ago)
  InstallationMedia: Kubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
  PackageArchitecture: all
  SourcePackage: ubuntu-release-upgrader
  Symptom: release-upgrade
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1837755/+subscriptions