Opened 10 years ago

Last modified 9 years ago

#1243 new defect

IZ302: Unexpected password question causes buffer overflow in expect

Reported by: ernst
Owned by:
Priority: high
Milestone:
Component: testsuite
Version: current
Severity:
Keywords: framework
Cc:

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=302]

Issue #: 302
Platform: All
Reporter: ernst (ernst)
Component: testsuite
OS: All
Subcomponent: framework
Version: current
CC: None defined
Status: NEW
Priority: P2
Issue type: DEFECT
Target milestone: milestone 1
Assigned to: issues@testsuite
QA Contact: joga
Summary: Unexpected password question causes buffer overflow in expect


   Opened: Sun Jun 14 23:36:00 -0700 2009 
------------------------


When I try to start a TS on SUSE 11.1 (with expect 5.44.1.11) I get a password
question. After entering the root password expect runs into a buffer overflow.

What I do not understand is why I get a password question? My TS is configured
to use ssh without password and I also have no Windows host in my configuration.
For what purpose does the TS need the root password?

Here is the dump when the buffer overflow occurs:

host access with password needed for user root on host su05
please enter the password, or "noroot" to start test suite without root access
user root's password:
*** buffer overflow detected ***: expect terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xb7deedb8]
/lib/libc.so.6[0xb7decdd0]
/lib/libc.so.6[0xb7dec458]
/lib/libc.so.6(_IO_default_xsputn+0xa0)[0xb7d72c00]
/lib/libc.so.6(_IO_vfprintf+0x711)[0xb7d46671]
/lib/libc.so.6(__vsprintf_chk+0xa7)[0xb7dec507]
/lib/libc.so.6(__sprintf_chk+0x2d)[0xb7dec44d]
/usr/lib/libexpect5.44.1.11.so[0xb7fc5d35]
/usr/lib/libtcl8.5.so(TclInvokeStringCommand+0x76)[0xb7eb8956]
/usr/lib/libtcl8.5.so[0xb7ebb7cb]
/usr/lib/libtcl8.5.so[0xb7f051f6]
/usr/lib/libtcl8.5.so(TclObjInterpProcCore+0x18f)[0xb7f50c2f]
/usr/lib/libtcl8.5.so(TclObjInterpProc+0xb0)[0xb7f52590]
/usr/lib/libtcl8.5.so[0xb7ebb7cb]
/usr/lib/libtcl8.5.so[0xb7f051f6]
/usr/lib/libtcl8.5.so(TclObjInterpProcCore+0x18f)[0xb7f50c2f]
/usr/lib/libtcl8.5.so(TclObjInterpProc+0xb0)[0xb7f52590]
/usr/lib/libtcl8.5.so[0xb7ebb7cb]
/usr/lib/libtcl8.5.so[0xb7f051f6]
/usr/lib/libtcl8.5.so(TclObjInterpProcCore+0x18f)[0xb7f50c2f]
/usr/lib/libtcl8.5.so(TclObjInterpProc+0xb0)[0xb7f52590]
/usr/lib/libtcl8.5.so[0xb7ebb7cb]
/usr/lib/libtcl8.5.so[0xb7f051f6]
/usr/lib/libtcl8.5.so[0xb7f107fd]
/usr/lib/libtcl8.5.so(TclEvalObjEx+0x78)[0xb7ebd098]
/usr/lib/libtcl8.5.so[0xb7ece5cb]
/usr/lib/libtcl8.5.so[0xb7ebb7cb]
/usr/lib/libtcl8.5.so[0xb7f051f6]
/usr/lib/libtcl8.5.so(TclObjInterpProcCore+0x18f)[0xb7f50c2f]
/usr/lib/libtcl8.5.so(TclObjInterpProc+0xb0)[0xb7f52590]
/usr/lib/libtcl8.5.so[0xb7ebb7cb]
/usr/lib/libtcl8.5.so[0xb7f051f6]
/usr/lib/libtcl8.5.so[0xb7f107fd]
/usr/lib/libtcl8.5.so(TclEvalObjEx+0x78)[0xb7ebd098]
/usr/lib/libtcl8.5.so[0xb7ec946e]
/usr/lib/libtcl8.5.so[0xb7ebb7cb]
/usr/lib/libtcl8.5.so[0xb7ebc98e]
/usr/lib/libtcl8.5.so(Tcl_EvalEx+0x2e)[0xb7ebd01e]
/usr/lib/libtcl8.5.so(Tcl_FSEvalFileEx+0x14f)[0xb7f2d40f]
/usr/lib/libtcl8.5.so(Tcl_FSEvalFile+0x2c)[0xb7f2f628]
/usr/lib/libtcl8.5.so(Tcl_EvalFile+0x3b)[0xb7f2f669]
/usr/lib/libexpect5.44.1.11.so(exp_interpret_cmdfilename+0x55)[0xb7fc80d5]
expect(main+0x11a)[0x8048bba]
/lib/libc.so.6(__libc_start_main+0xe5)[0xb7d1e705]
expect[0x8048a01]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:02 64529      /usr/bin/expect
08049000-0804a000 r--p 00000000 08:02 64529      /usr/bin/expect
0804a000-0804b000 rw-p 00001000 08:02 64529      /usr/bin/expect
0804b000-09d5f000 rw-p 0804b000 00:00 0          [heap]
b4fb4000-b7bac000 rw-p b4fb4000 00:00 0
b7bac000-b7c2d000 rw-p b7c6e000 00:00 0
b7c8f000-b7cc4000 r--s 00000000 08:02 614143     /var/run/nscd/passwd
b7cc4000-b7d03000 r--p 00000000 08:02 90104      /usr/lib/locale/en_US.utf8/LC_CTYPE
b7d03000-b7d04000 rw-p b7d03000 00:00 0
b7d04000-b7d06000 r-xp 00000000 08:02 122686     /lib/libutil-2.9.so
b7d06000-b7d07000 r--p 00001000 08:02 122686     /lib/libutil-2.9.so
b7d07000-b7d08000 rw-p 00002000 08:02 122686     /lib/libutil-2.9.so
b7d08000-b7e5d000 r-xp 00000000 08:02 122651     /lib/libc-2.9.so
b7e5d000-b7e5e000 ---p 00155000 08:02 122651     /lib/libc-2.9.so
b7e5e000-b7e60000 r--p 00155000 08:02 122651     /lib/libc-2.9.so
b7e60000-b7e61000 rw-p 00157000 08:02 122651     /lib/libc-2.9.so
b7e61000-b7e65000 rw-p b7e61000 00:00 0
b7e65000-b7e8c000 r-xp 00000000 08:02 122660     /lib/libm-2.9.so
b7e8c000-b7e8d000 r--p 00026000 08:02 122660     /lib/libm-2.9.so
b7e8d000-b7e8e000 rw-p 00027000 08:02 122660     /lib/libm-2.9.so
b7e8e000-b7e91000 r-xp 00000000 08:02 122658     /lib/libdl-2.9.so
b7e91000-b7e92000 r--p 00002000 08:02 122658     /lib/libdl-2.9.so
b7e92000-b7e93000 rw-p 00003000 08:02 122658     /lib/libdl-2.9.so
b7e93000-b7fa8000 r-xp 00000000 08:02 254032     /usr/lib/libtcl8.5.so
b7fa8000-b7faa000 r--p 00115000 08:02 254032     /usr/lib/libtcl8.5.so
b7faa000-b7fae000 rw-p 00117000 08:02 254032     /usr/lib/libtcl8.5.so
b7fae000-b7faf000 rw-p b7fae000 00:00 0
b7faf000-b7fdb000 r-xp 00000000 08:02 254343     /usr/lib/libexpect5.44.1.11.so
b7fdb000-b7fdc000 r--p 0002b000 08:02 254343     /usr/lib/libexpect5.44.1.11.so
b7fdc000-b7fdd000 rw-p 0002c000 08:02 254343     /usr/lib/libexpect5.44.1.11.so
b7fdd000-b7fe0000 rw-p b7fdd000 00:00 0
b7fe2000-b7fef000 r-xp 00000000 08:02 122758     /lib/libgcc_s.so.1
b7fef000-b7ff0000 r--p 0000c000 08:02 122758     /lib/libgcc_s.so.1
b7ff0000-b7ff1000 rw-p 0000d000 08:02 122758     /lib/libgcc_s.so.1
b7ff1000-b7ff8000 r--s 00000000 08:02 74283      /usr/lib/gconv/gconv-modules.cache
b7ff8000-b7ff9000 rw-p b7ff8000 00:00 0
b7ff9000-b8017000 r-xp 00000000 08:02 354674     /lib/ld-2.9.so
b8017000-b8018000 r--p 0001d000 08:02 354674     /lib/ld-2.9.so
b8018000-b8019000 rw-p 0001e000 08:02 354674     /lib/ld-2.9.so
bf804000-bf819000 rw-p bffeb000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]

I started analyzing the issue: When I comment out the "stty" calls in
query_passwd() then the buffer overflow does not occur. Is there a different way
to disable the terminal echo?
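
A triage step for the dump above, as an added example that is not part of the original ticket: the libexpect frame directly below __sprintf_chk carries no symbol name, so this Python code uses the memory map to turn backtrace addresses into module-relative offsets that can be looked up in each library's symbols. The sample lines are copied from the dump; the function and variable names are this example's own.

```python
import re

# Lines copied from the dump above: the fortified sprintf frame, the unnamed
# libexpect caller, its Tcl caller, and the mappings they fall into.
FRAMES = """\
/lib/libc.so.6(__sprintf_chk+0x2d)[0xb7dec44d]
/usr/lib/libexpect5.44.1.11.so[0xb7fc5d35]
/usr/lib/libtcl8.5.so(TclInvokeStringCommand+0x76)[0xb7eb8956]
"""
MAPS = """\
b7d08000-b7e5d000 r-xp 00000000 08:02 122651     /lib/libc-2.9.so
b7e93000-b7fa8000 r-xp 00000000 08:02 254032     /usr/lib/libtcl8.5.so
b7faf000-b7fdb000 r-xp 00000000 08:02 254343     /usr/lib/libexpect5.44.1.11.so
b7fdb000-b7fdc000 r--p 0002b000 08:02 254343     /usr/lib/libexpect5.44.1.11.so
"""

FRAME_RE = re.compile(r"^(?P<obj>[^(\[]+)(?:\((?P<sym>[^)]*)\))?\[0x(?P<addr>[0-9a-f]+)\]$")
MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s*(.*)$")

def parse_maps(text):
    """Return (start, end, perms, file_offset, path) for each mapping line."""
    out = []
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            out.append((int(m[1], 16), int(m[2], 16), m[3], int(m[4], 16), m[5]))
    return out

def resolve(frames_text, maps_text):
    """Map each backtrace address to (path, offset in file, symbol or None)."""
    maps = parse_maps(maps_text)
    resolved = []
    for line in frames_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # not a backtrace frame line
        addr = int(m["addr"], 16)
        hit = next((r for r in maps if r[0] <= addr < r[1] and "x" in r[2]), None)
        if hit is None:
            # Address is outside every executable mapping we were given.
            resolved.append((m["obj"], None, m["sym"]))
        else:
            start, _, _, file_off, path = hit
            resolved.append((path, addr - start + file_off, m["sym"]))
    return resolved

if __name__ == "__main__":
    for path, off, sym in resolve(FRAMES, MAPS):
        print(path, hex(off) if off is not None else "?", sym or "(no symbol)")
```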
