Github messages for voidlinux
* [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging
@ 2020-12-01 12:20 shahab-vahedi
  2020-12-01 13:27 ` ericonr
                   ` (12 more replies)
  0 siblings, 13 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 12:20 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1018 bytes --]

There is a new pull request by shahab-vahedi against master on the void-packages repository

https://github.com/shahab-vahedi/void-packages expect-fix
https://github.com/void-linux/void-packages/pull/26861

expect 5.45.4_3: Fix the buffer overflow while logging
There is a buffer overflow issue with "expect" when you run it
with "--debug" flag and the expected string is too big [1].

This patch was already proposed 7 years ago [2] but never found
its way upstream. Other distros also fix it locally [3]. It's
time we have it fixed in Void Linux as well.

[1] Bug 26986 - *** buffer overflow detected ***: expect terminated
https://sourceware.org/bugzilla/show_bug.cgi?id=26986

[2] Expect / Bugs / #95 buffer overflow in exp_log.c
https://sourceforge.net/p/expect/bugs/95/

[3] fedora fixing the overflow in expect
https://src.fedoraproject.org/rpms/expect/blob/master/f/expect-5.45-exp-log-buf-overflow.patch

A patch file from https://github.com/void-linux/void-packages/pull/26861.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-expect-fix-26861.patch --]
[-- Type: text/x-diff, Size: 2652 bytes --]

From 4cc9e9af87ec97308176a694e7b408820108e9ed Mon Sep 17 00:00:00 2001
From: Shahab Vahedi <shahab.vahedi@gmail.com>
Date: Tue, 1 Dec 2020 13:04:15 +0100
Subject: [PATCH] expect 5.45.4_3: Fix the buffer overflow while logging

There is a buffer overflow issue with "expect" when you run it
with "--debug" flag and the expected string is too big [1].

This patch was already proposed 7 years ago [2] but never found
its way upstream. Other distros also fix it locally [3]. It's
time we have it fixed in Void Linux as well.

[1] Bug 26986 - *** buffer overflow detected ***: expect terminated
https://sourceware.org/bugzilla/show_bug.cgi?id=26986

[2] Expect / Bugs / #95 buffer overflow in exp_log.c
https://sourceforge.net/p/expect/bugs/95/

[3] fedora fixing the overflow in expect
https://src.fedoraproject.org/rpms/expect/blob/master/f/expect-5.45-exp-log-buf-overflow.patch
---
 ...005-fix-buffer-overflow-when-logging.patch | 22 +++++++++++++++++++
 srcpkgs/expect/template                       |  2 +-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/expect/patches/0005-fix-buffer-overflow-when-logging.patch

diff --git a/srcpkgs/expect/patches/0005-fix-buffer-overflow-when-logging.patch b/srcpkgs/expect/patches/0005-fix-buffer-overflow-when-logging.patch
new file mode 100644
index 00000000000..cc69ab474de
--- /dev/null
+++ b/srcpkgs/expect/patches/0005-fix-buffer-overflow-when-logging.patch
@@ -0,0 +1,22 @@
+*** exp_log.c	2020-12-01 12:09:21.839702061 +0100
+--- exp_log.c.patched	2020-12-01 12:09:43.075701160 +0100
+*************** expStdoutLog TCL_VARARGS_DEF(int,arg1)
+*** 179 ****
+!     (void) vsprintf(bigbuf,fmt,args);
+--- 179 ----
+!     (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+*************** expErrorLog TCL_VARARGS_DEF(char *,arg1)
+*** 225 ****
+!     (void) vsprintf(bigbuf,fmt,args);
+--- 225 ----
+!     (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+*************** expDiagLog TCL_VARARGS_DEF(char *,arg1)
+*** 267 ****
+!     (void) vsprintf(bigbuf,fmt,args);
+--- 267 ----
+!     (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+*************** expPrintf TCL_VARARGS_DEF(char *,arg1)
+*** 310 ****
+!   len = vsprintf(bigbuf,arg1,args);
+--- 310 ----
+!   len = vsnprintf(bigbuf,sizeof(bigbuf),arg1,args);
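Review bot: The embedded exp_log.c patch is a context diff with no context lines, so each change (`*** 179 ****`, `*** 225 ****`, `*** 267 ****`, `*** 310 ****`) is located by line number alone and can land on the wrong line or fail once exp_log.c shifts; regenerate it as a unified diff with surrounding context. At line 310, `len = vsnprintf(bigbuf,sizeof(bigbuf),arg1,args);` also changes what `len` means: on truncation vsnprintf returns the length the full output would have had, not the number of bytes stored, so any later use of `len` as a byte count for `bigbuf` needs clamping to `sizeof(bigbuf) - 1`.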
diff --git a/srcpkgs/expect/template b/srcpkgs/expect/template
index 664f91cdb40..2d0bdbd4e44 100644
--- a/srcpkgs/expect/template
+++ b/srcpkgs/expect/template
@@ -1,7 +1,7 @@
 # Template file for 'expect'
 pkgname=expect
 version=5.45.4
-revision=2
+revision=3
 wrksrc=${pkgname}${version}
 build_style=gnu-configure
 configure_args="expect_cv_wnohang_value=1"

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect 5.45.4_3: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
@ 2020-12-01 13:27 ` ericonr
  2020-12-01 13:51 ` shahab-vahedi
                   ` (11 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: ericonr @ 2020-12-01 13:27 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 294 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736550743

Comment:
Would you mind using the patch directly from fedora?

Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect 5.45.4_3: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
  2020-12-01 13:27 ` ericonr
@ 2020-12-01 13:51 ` shahab-vahedi
  2020-12-01 13:59 ` shahab-vahedi
                   ` (10 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 13:51 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 612 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?

If you think it would be better, sure!

> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect 5.45.4_3: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
  2020-12-01 13:27 ` ericonr
  2020-12-01 13:51 ` shahab-vahedi
@ 2020-12-01 13:59 ` shahab-vahedi
  2020-12-01 14:01 ` shahab-vahedi
                   ` (9 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 13:59 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1623 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?

Fedora's patch is not readily usable:
```
=> expect-5.45.4_3: patching: 0004-cross-misc.patch.
=> expect-5.45.4_3: patching: 0005-fix-buf-overflow-when-logging.patch.
The text leading up to this was:
--------------------------
|diff -up expect5.45/exp_log.c.orig expect5.45/exp_log.c
|--- expect5.45/exp_log.c.orig	2013-12-12 12:43:38.527854189 +0100
|+++ expect5.45/exp_log.c	2013-12-12 12:49:26.866576387 +0100
--------------------------
File to patch: 
Skip this patch? [y] 
4 out of 4 hunks ignored
=> ERROR: expect-5.45.4_3: do-patch_00-patches: 'patch -sl ${_args} -i ${_patch} 2> /dev/null' exited with 1
=> ERROR:   in _process_patch() at common/hooks/do-patch/00-patches.sh:34
=> ERROR:   in hook() at common/hooks/do-patch/00-patches.sh:51
=> ERROR:   in run_func() at common/xbps-src/shutils/common.sh:21
=> ERROR:   in run_pkg_hooks() at common/xbps-src/shutils/common.sh:245
=> ERROR:   in run_step() at common/xbps-src/shutils/common.sh:71
=> ERROR:   in main() at common/xbps-src/libexec/xbps-src-dopatch.sh:33
```

> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect 5.45.4_3: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (2 preceding siblings ...)
  2020-12-01 13:59 ` shahab-vahedi
@ 2020-12-01 14:01 ` shahab-vahedi
  2020-12-01 14:08 ` ericonr
                   ` (8 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 14:01 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 574 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?



> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect 5.45.4_3: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (3 preceding siblings ...)
  2020-12-01 14:01 ` shahab-vahedi
@ 2020-12-01 14:08 ` ericonr
  2020-12-01 14:12 ` shahab-vahedi
                   ` (7 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: ericonr @ 2020-12-01 14:08 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 222 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736574064

Comment:
Fair enough :)

It would be nice if upstream came up with a proper fix, though.

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect 5.45.4_3: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (4 preceding siblings ...)
  2020-12-01 14:08 ` ericonr
@ 2020-12-01 14:12 ` shahab-vahedi
  2020-12-01 14:13 ` shahab-vahedi
                   ` (6 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 14:12 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1584 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?

```
=> expect-5.45.4_3: patching: 0004-cross-misc.patch.
=> expect-5.45.4_3: patching: 0005-fix-buf-overflow-when-logging.patch.
The text leading up to this was:
--------------------------
|diff -up expect5.45/exp_log.c.orig expect5.45/exp_log.c
|--- expect5.45/exp_log.c.orig	2013-12-12 12:43:38.527854189 +0100
|+++ expect5.45/exp_log.c	2013-12-12 12:49:26.866576387 +0100
--------------------------
File to patch: 
Skip this patch? [y] 
4 out of 4 hunks ignored
=> ERROR: expect-5.45.4_3: do-patch_00-patches: 'patch -sl ${_args} -i ${_patch} 2> /dev/null' exited with 1
=> ERROR:   in _process_patch() at common/hooks/do-patch/00-patches.sh:34
=> ERROR:   in hook() at common/hooks/do-patch/00-patches.sh:51
=> ERROR:   in run_func() at common/xbps-src/shutils/common.sh:21
=> ERROR:   in run_pkg_hooks() at common/xbps-src/shutils/common.sh:245
=> ERROR:   in run_step() at common/xbps-src/shutils/common.sh:71
=> ERROR:   in main() at common/xbps-src/libexec/xbps-src-dopatch.sh:33
```

> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect 5.45.4_3: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (5 preceding siblings ...)
  2020-12-01 14:12 ` shahab-vahedi
@ 2020-12-01 14:13 ` shahab-vahedi
  2020-12-01 14:25 ` [PR PATCH] [Updated] " shahab-vahedi
                   ` (5 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 14:13 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1630 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?

That patch cannot be readily used by us.

```
=> expect-5.45.4_3: patching: 0004-cross-misc.patch.
=> expect-5.45.4_3: patching: 0005-fix-buf-overflow-when-logging.patch.
The text leading up to this was:
--------------------------
|diff -up expect5.45/exp_log.c.orig expect5.45/exp_log.c
|--- expect5.45/exp_log.c.orig	2013-12-12 12:43:38.527854189 +0100
|+++ expect5.45/exp_log.c	2013-12-12 12:49:26.866576387 +0100
--------------------------
File to patch: 
Skip this patch? [y] 
4 out of 4 hunks ignored
=> ERROR: expect-5.45.4_3: do-patch_00-patches: 'patch -sl ${_args} -i ${_patch} 2> /dev/null' exited with 1
=> ERROR:   in _process_patch() at common/hooks/do-patch/00-patches.sh:34
=> ERROR:   in hook() at common/hooks/do-patch/00-patches.sh:51
=> ERROR:   in run_func() at common/xbps-src/shutils/common.sh:21
=> ERROR:   in run_pkg_hooks() at common/xbps-src/shutils/common.sh:245
=> ERROR:   in run_step() at common/xbps-src/shutils/common.sh:71
=> ERROR:   in main() at common/xbps-src/libexec/xbps-src-dopatch.sh:33
```

> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PR PATCH] [Updated] expect 5.45.4_3: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (6 preceding siblings ...)
  2020-12-01 14:13 ` shahab-vahedi
@ 2020-12-01 14:25 ` shahab-vahedi
  2020-12-01 14:37 ` expect: " shahab-vahedi
                   ` (4 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 14:25 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1023 bytes --]

There is an updated pull request by shahab-vahedi against master on the void-packages repository

https://github.com/shahab-vahedi/void-packages expect-fix
https://github.com/void-linux/void-packages/pull/26861

expect 5.45.4_3: Fix the buffer overflow while logging
There is a buffer overflow issue with "expect" when you run it
with "--debug" flag and the expected string is too big [1].

This patch was already proposed 7 years ago [2] but never found
its way upstream. Other distros also fix it locally [3]. It's
time we have it fixed in Void Linux as well.

[1] Bug 26986 - *** buffer overflow detected ***: expect terminated
https://sourceware.org/bugzilla/show_bug.cgi?id=26986

[2] Expect / Bugs / #95 buffer overflow in exp_log.c
https://sourceforge.net/p/expect/bugs/95/

[3] fedora fixing the overflow in expect
https://src.fedoraproject.org/rpms/expect/blob/master/f/expect-5.45-exp-log-buf-overflow.patch

A patch file from https://github.com/void-linux/void-packages/pull/26861.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-expect-fix-26861.patch --]
[-- Type: text/x-diff, Size: 3268 bytes --]

From d2106e46f52f959b1d812abec1ef100832245c03 Mon Sep 17 00:00:00 2001
From: Shahab Vahedi <shahab.vahedi@gmail.com>
Date: Tue, 1 Dec 2020 13:04:15 +0100
Subject: [PATCH] expect: Fix the buffer overflow while logging

There is a buffer overflow issue with "expect" when you run it
with "--debug" flag and the expected string is too big [1].

This patch was already proposed 7 years ago [2] but never found
its way upstream. Other distros also fix it locally [3]. It's
time we have it fixed in Void Linux as well.

[1] Bug 26986 - *** buffer overflow detected ***: expect terminated
https://sourceware.org/bugzilla/show_bug.cgi?id=26986

[2] Expect / Bugs / #95 buffer overflow in exp_log.c
https://sourceforge.net/p/expect/bugs/95/

[3] fedora fixing the overflow in expect
https://src.fedoraproject.org/rpms/expect/blob/master/f/expect-5.45-exp-log-buf-overflow.patch
---
 .../0005-fix-buf-overflow-when-logging.patch  | 39 +++++++++++++++++++
 srcpkgs/expect/template                       |  2 +-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/expect/patches/0005-fix-buf-overflow-when-logging.patch

diff --git a/srcpkgs/expect/patches/0005-fix-buf-overflow-when-logging.patch b/srcpkgs/expect/patches/0005-fix-buf-overflow-when-logging.patch
new file mode 100644
index 00000000000..2f63daf1972
--- /dev/null
+++ b/srcpkgs/expect/patches/0005-fix-buf-overflow-when-logging.patch
@@ -0,0 +1,39 @@
+diff -up exp_log.c.orig exp_log.c
+--- exp_log.c.orig	2013-12-12 12:43:38.527854189 +0100
++++ exp_log.c	2013-12-12 12:49:26.866576387 +0100
+@@ -176,7 +176,7 @@ expStdoutLog TCL_VARARGS_DEF(int,arg1)
+ 
+     if ((!tsdPtr->logUser) && (!force_stdout) && (!tsdPtr->logAll)) return;
+ 
+-    (void) vsprintf(bigbuf,fmt,args);
++    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+     expDiagWriteBytes(bigbuf,-1);
+     if (tsdPtr->logAll || (LOGUSER && tsdPtr->logChannel)) Tcl_WriteChars(tsdPtr->logChannel,bigbuf,-1);
+     if (LOGUSER) fprintf(stdout,"%s",bigbuf);
+@@ -222,7 +222,7 @@ expErrorLog TCL_VARARGS_DEF(char *,arg1)
+     va_list args;
+ 
+     fmt = TCL_VARARGS_START(char *,arg1,args);
+-    (void) vsprintf(bigbuf,fmt,args);
++    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+ 
+     expDiagWriteChars(bigbuf,-1);
+     fprintf(stderr,"%s",bigbuf);
+@@ -264,7 +264,7 @@ expDiagLog TCL_VARARGS_DEF(char *,arg1)
+ 
+     fmt = TCL_VARARGS_START(char *,arg1,args);
+ 
+-    (void) vsprintf(bigbuf,fmt,args);
++    (void) vsnprintf(bigbuf,sizeof(bigbuf),fmt,args);
+ 
+     expDiagWriteBytes(bigbuf,-1);
+     if (tsdPtr->diagToStderr) {
+@@ -307,7 +307,7 @@ expPrintf TCL_VARARGS_DEF(char *,arg1)
+   int len, rc;
+ 
+   fmt = TCL_VARARGS_START(char *,arg1,args);
+-  len = vsprintf(bigbuf,arg1,args);
++  len = vsnprintf(bigbuf,sizeof(bigbuf),arg1,args);
+  retry:
+   rc = write(2,bigbuf,len);
+   if ((rc == -1) && (errno == EAGAIN)) goto retry;
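Review bot: In the expPrintf hunk, `len = vsnprintf(bigbuf,sizeof(bigbuf),arg1,args);` feeds `rc = write(2,bigbuf,len);`, and on truncation vsnprintf returns the length the untruncated output would have had, so `len` can exceed `sizeof(bigbuf)` and the write then reads past the end of the buffer. Clamp it before the `retry:` label, for example `if (len >= (int)sizeof(bigbuf)) len = sizeof(bigbuf) - 1;`, and handle a negative return. The three `(void) vsnprintf(...)` calls in expStdoutLog, expErrorLog and expDiagLog discard the same return value, so truncated log output is silent; a marker appended on truncation would make the data loss visible. `sizeof(bigbuf)` is only the right bound if `bigbuf` is an array in each function's scope, which these hunks do not show.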
diff --git a/srcpkgs/expect/template b/srcpkgs/expect/template
index 664f91cdb40..2d0bdbd4e44 100644
--- a/srcpkgs/expect/template
+++ b/srcpkgs/expect/template
@@ -1,7 +1,7 @@
 # Template file for 'expect'
 pkgname=expect
 version=5.45.4
-revision=2
+revision=3
 wrksrc=${pkgname}${version}
 build_style=gnu-configure
 configure_args="expect_cv_wnohang_value=1"

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (7 preceding siblings ...)
  2020-12-01 14:25 ` [PR PATCH] [Updated] " shahab-vahedi
@ 2020-12-01 14:37 ` shahab-vahedi
  2020-12-01 15:20 ` shahab-vahedi
                   ` (3 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 14:37 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 579 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?

Sure!

> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (8 preceding siblings ...)
  2020-12-01 14:37 ` expect: " shahab-vahedi
@ 2020-12-01 15:20 ` shahab-vahedi
  2020-12-01 15:20 ` shahab-vahedi
                   ` (2 subsequent siblings)
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 15:20 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 575 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?

Done!

> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (9 preceding siblings ...)
  2020-12-01 15:20 ` shahab-vahedi
@ 2020-12-01 15:20 ` shahab-vahedi
  2020-12-01 20:16 ` shahab-vahedi
  2020-12-01 20:55 ` [PR PATCH] [Merged]: " ericonr
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 15:20 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 579 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?

Done!

> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: expect: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (10 preceding siblings ...)
  2020-12-01 15:20 ` shahab-vahedi
@ 2020-12-01 20:16 ` shahab-vahedi
  2020-12-01 20:55 ` [PR PATCH] [Merged]: " ericonr
  12 siblings, 0 replies; 14+ messages in thread
From: shahab-vahedi @ 2020-12-01 20:16 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 578 bytes --]

New comment by shahab-vahedi on void-packages repository

https://github.com/void-linux/void-packages/pull/26861#issuecomment-736564215

Comment:
> Would you mind using the patch directly from fedora?

Done!

> Also, using `vsnprintf` means you can lose information, even if it avoids the buffer overflows...

If one doesn't want to lose the data, then the `bigbuf` should be handled dynamically. That would be a more error-prone patch than this one. Given a `*** buffer overflow detected ***: expect terminated`, I think losing the data at offsets _2000+_ should be OK.


^ permalink raw reply	[flat|nested] 14+ messages in thread
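
The trade-off discussed in the comment above, as an added example that is not part of the thread or of expect's source: a fixed buffer filled with `vsnprintf` needs truncation detection and a clamped byte count, while a dynamically sized buffer keeps all the data. `BIGBUF_SIZE`, `format_fixed` and `format_dynamic` are hypothetical names, and the 2000-byte size is an assumption based on the "offsets 2000+" remark.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size, taken from the "offsets 2000+" remark in the thread. */
#define BIGBUF_SIZE 2000

/* Fixed-buffer variant. Returns the number of bytes actually stored in buf
 * (excluding the NUL) and sets *truncated when output was cut short.
 * vsnprintf returns the length the full output WOULD have had, so its raw
 * return value must never be used as a byte count for write()/fwrite(). */
size_t format_fixed(char *buf, size_t bufsz, int *truncated, const char *fmt, ...)
{
    va_list args;
    int n;

    *truncated = 0;
    if (bufsz == 0)
        return 0;
    va_start(args, fmt);
    n = vsnprintf(buf, bufsz, fmt, args);
    va_end(args);
    if (n < 0) {                      /* output error: leave an empty string */
        buf[0] = '\0';
        return 0;
    }
    if ((size_t)n >= bufsz) {         /* truncated: clamp to what is stored */
        *truncated = 1;
        return bufsz - 1;
    }
    return (size_t)n;
}

/* Dynamic variant: measure first, then allocate exactly what is needed.
 * Returns a malloc'd string (caller frees) or NULL on error. */
char *format_dynamic(size_t *len, const char *fmt, ...)
{
    va_list args, probe;
    char *buf = NULL;
    int n;

    va_start(args, fmt);
    va_copy(probe, args);             /* a va_list cannot be reused after a call */
    n = vsnprintf(NULL, 0, fmt, probe);
    va_end(probe);
    if (n >= 0 && (buf = malloc((size_t)n + 1)) != NULL) {
        vsnprintf(buf, (size_t)n + 1, fmt, args);
        *len = (size_t)n;
    }
    va_end(args);
    return buf;
}

int main(void)
{
    static char big[5001];            /* constructed oversized input, NUL-terminated */
    char bigbuf[BIGBUF_SIZE];
    int truncated;
    size_t n, dlen = 0;
    char *d;

    memset(big, 'A', sizeof(big) - 1);

    n = format_fixed(bigbuf, sizeof(bigbuf), &truncated, "expect: %s\n", big);
    fwrite(bigbuf, 1, n, stderr);     /* n never exceeds what bigbuf holds */
    if (truncated)
        fputs("\n[log line truncated]\n", stderr);

    d = format_dynamic(&dlen, "expect: %s\n", big);
    if (d != NULL) {
        printf("fixed stored %zu bytes, dynamic stored %zu bytes\n", n, dlen);
        free(d);
    }
    return 0;
}
```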

* Re: [PR PATCH] [Merged]: expect: Fix the buffer overflow while logging
  2020-12-01 12:20 [PR PATCH] expect 5.45.4_3: Fix the buffer overflow while logging shahab-vahedi
                   ` (11 preceding siblings ...)
  2020-12-01 20:16 ` shahab-vahedi
@ 2020-12-01 20:55 ` ericonr
  12 siblings, 0 replies; 14+ messages in thread
From: ericonr @ 2020-12-01 20:55 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 843 bytes --]

There's a merged pull request on the void-packages repository

expect: Fix the buffer overflow while logging
https://github.com/void-linux/void-packages/pull/26861

Description:
There is a buffer overflow issue with "expect" when you run it
with "--debug" flag and the expected string is too big [1].

This patch was already proposed 7 years ago [2] but never found
its way upstream. Other distros also fix it locally [3]. It's
time we have it fixed in Void Linux as well.

[1] Bug 26986 - *** buffer overflow detected ***: expect terminated
https://sourceware.org/bugzilla/show_bug.cgi?id=26986

[2] Expect / Bugs / #95 buffer overflow in exp_log.c
https://sourceforge.net/p/expect/bugs/95/

[3] fedora fixing the overflow in expect
https://src.fedoraproject.org/rpms/expect/blob/master/f/expect-5.45-exp-log-buf-overflow.patch

^ permalink raw reply	[flat|nested] 14+ messages in thread
