[Bug 2069821] Re: [VROC] [Ub 24.04] mdadm: buffer overflow detected
Mauricio Faria de Oliveira
2069821 at bugs.launchpad.net
Mon Aug 19 20:34:38 UTC 2024
Hi Hector,
Thanks for the work on this!
Despite these changes having already been in Oracular,
_please_ address these points for Noble/LTS for better
maintenance experience over a longer/LTS life-cycle.
Some details included; hope this helps in future uploads!
Thanks!
0) bug 2070371 has an incomplete SRU template (bug 2069821 is fine).
1) List the patch filenames in the changelog.
2) Use multiple patch files as sub-items.
3) Rename/use just filenames, not sub-dirs, for bug numbers.
e.g.,
* mdadm: wait for mdmon when it is started via systemd (LP: #2070371)
- d/p/lp2070371-0001-util.c-change-devnm-to-const-in-mdmon-functions.patch
- d/p/lp2070371-0002-Wait-for-mdmon-when-it-is-stared-via-systemd.patch
* mdadm: buffer overflow detected (LP: #2069821)
- d/p/lp2069821-0001-mdadm-platform-intel-buffer-overflow-detected.patch
4) Add DEP-3 headers (please read [1]) to the patches; e.g.,
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2069821
Origin: [upstream/backport,] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=827e1870f320545796d907f50af594e901399417
5) Don't add empty lines to `d/p/series` (`quilt import` shouldn't)
6) Increment version by `ubuntu0.1` (not `ubuntu1`) in stable releases, in general
(Please read [2] for practical examples and use it as reference material in future).
[1] https://dep-team.pages.debian.net/deps/dep3/
[2] https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
** Changed in: mdadm (Ubuntu Noble)
Status: In Progress => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mdadm in Ubuntu.
https://bugs.launchpad.net/bugs/2069821
Title:
[VROC] [Ub 24.04] mdadm: buffer overflow detected
Status in mdadm package in Ubuntu:
Fix Released
Status in mdadm source package in Noble:
Incomplete
Status in mdadm source package in Oracular:
Fix Released
Bug description:
[ Impact ]
mdadm crashes sporadically with error *** buffer overflow detected ***
at some invokations:
- mdadm --detail-pl
- mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme1n1
*** buffer overflow detected ***: terminated
Aborted (core dumped)
[ Test Plan ]
- Install mdadm
- Issue this command several times:
mdadm --detail-pl
[ Where problems could occur ]
The fix is very small and basically it replaces the unsafe functions call
to sprintf by calling snprintf for Intel platforms (platform_intel.c)
I do not expect high regression risk.
[ Other Info ]
mdadm is built with FORTIFY_SOURCE=3 (as it is done in Ubuntu 24.04).
and it uses the unsafe function sprintf() that will cause the
buffer-overflow error
It is fixed in mdadm upstream:
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=827e1870f320545796d907f50af594e901399417
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/2069821/+subscriptions
More information about the foundations-bugs
mailing list