Dependency Graph

Dependency Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

IDProjectCategoryView StatusLast Update
0003539SOGoWeb Calendarpublic2017-04-09 16:51
Reporterskrupellos Assigned Toludovic  
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionfixed 
Platformarmv7lOSArch LinuxOS Versionroling
Product Version3.0.1 
Fixed in Version3.1.0 
Summary0003539: All calendar views cause buffer overflow in sprintf
Description

REPRODUCE:
Open any calendar view (direct link for easier debugging: https://example.com/SOGo/so/user/Calendar/dayview?day=20160220)

EXPECTED:
Calendar Info

RESULT:
404 for the browser and a crash in sogo (see additional info)

REASON:
The sprintf() [1] writes to a buffer one byte to small. While calculating the buffer size, one forget the terminating '\0'-character.

FIX:
Method A) Set buffer size to 23
Method B) Do it like in the function above with stringWithFormat (if I don't miss the point of using sprintf in the first place).

LESSON LEARNED:
1) sprintf() appends '\0'
2) Never ever use sprintf() use sNprintf()!!

[1] https://github.com/inverse-inc/sogo/blob/master/SoObjects/SOGo/NSCalendarDate%2BSOGo.m#L134

Steps To Reproduce

Open any calendar view (direct link for easier debugging: https://example.com/SOGo/so/user/Calendar/dayview?day=20160220)

Additional Information

sogod[28314]: Feb 20 23:08:16 sogod [30197]: <0x0x809d2028[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
sogod[28314]: Feb 20 23:08:16 sogod [30197]: <0x0x809d2028[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
sogod[28314]: 2016-02-20 23:08:16.915 sogod[30197:30197] missing data for value at index 0
sogod[28314]: Feb 20 23:08:16 sogod [30197]: [WARN] <0x0x80a7f8a0[SOGoWebDAVAclManager]> entry '{DAV:}write' already exists in DAV permissions table
sogod[28314]: Feb 20 23:08:16 sogod [30197]: [WARN] <0x0x80a7f8a0[SOGoWebDAVAclManager]> entry '{DAV:}write-properties' already exists in DAV permissions table
sogod[28314]: Feb 20 23:08:16 sogod [30197]: [WARN] <0x0x80a7f8a0[SOGoWebDAVAclManager]> entry '{DAV:}write-content' already exists in DAV permissions table
sogod[28314]: Feb 20 23:08:17 sogod [30197]: [WARN] <0x0xb6d5fc24[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
sogod[28314]: buffer overflow detected : /usr/bin/sogod terminated
sogod[28314]: ======= Backtrace: =========
sogod[28314]: /usr/lib/libc.so.6(+0x66914)[0xb6599914]
sogod[28314]: /usr/lib/libc.so.6(fortify_fail+0x40)[0xb661256c]
sogod[28314]: /usr/lib/libc.so.6(__chk_fail+0x10)[0xb6610760]
sogod[28314]: /usr/lib/libc.so.6(
vsprintf_chk+0x0)[0xb660fcc4]
sogod[28314]: /usr/lib/libc.so.6(_IO_default_xsputn+0x8c)[0xb659d5a8]
sogod[28314]: /usr/lib/libc.so.6(+0x3e1b8)[0xb65711b8]
sogod[28314]: /usr/lib/libc.so.6(_IO_vfprintf+0x2c4)[0xb657264c]
sogod[28314]: /usr/lib/libc.so.6(__vsprintf_chk+0x84)[0xb660fd48]
sogod[28314]: /usr/lib/libc.so.6(__sprintf_chk+0x20)[0xb660fcac]

TagsNo tags attached.

Relationships

parent of 0003540 new Relace all sprintf() by sNprintf() or alternatives 
Not all the children of this issue are yet resolved or closed.

Activities

There are no notes attached to this issue.

Related Changesets

sogo: master 9a4d2c6b

2016-03-13 14:25

ludovic


Details Diff
(fix) properly null-terminate IS8601-formatted dates (fixes 0003539) Affected Issues
0003539
mod - NEWS Diff File
mod - SoObjects/SOGo/NSCalendarDate+SOGo.m Diff File

Issue History

Date Modified Username Field Change
2016-02-20 23:51 skrupellos New Issue
2016-02-23 18:30 francis Relationship added parent of 0003540
2016-03-13 18:26 ludovic Changeset attached => sogo master 9a4d2c6b
2016-03-13 18:26 ludovic Assigned To => ludovic
2016-03-13 18:26 ludovic Resolution open => fixed
2016-03-13 18:26 ludovic Status new => resolved
2016-03-13 18:26 ludovic Fixed in Version => 3.1.0