Bug 1121409

Summary: Buffer overflow in Perl 5.28.1 with git send-email
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Thomas Zimmermann <tzimmermann>
Component: Development
Assignee: Markéta Machová <mmachova>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   

Description Thomas Zimmermann 2019-01-10 09:20:30 UTC
git-send-email is a Perl script that creates patches from Git commits and sends them out via email. It's part of Git's source-code repository. With Perl 5.28.1 and Git 2.20.1, this script fails with a buffer overflow in Perl.

An example with the Linux source code is shown below. DO NOT REPRODUCE THIS EXAMPLE AS-IS. If it works for you, you might send out email to developers (e.g., Linus Torvalds).

*** snip ***
tzimmermann@linux-uq9g:~/Projekte/linux> git send-email -1 --to=noreply@example.com
/tmp/bdZOhDvXQ9/0001-arch-openrisc-Fix-issues-with-access_ok.patch
(mbox) Adding cc: Stafford Horne <shorne@gmail.com> from line 'From: Stafford Horne <shorne@gmail.com>'
(body) Adding cc: Guenter Roeck <linux@roeck-us.net> from line 'Cc: Guenter Roeck <linux@roeck-us.net>'
(body) Adding cc: Linus Torvalds <torvalds@linux-foundation.org> from line 'Cc: Linus Torvalds <torvalds@linux-foundation.org>'
(body) Adding cc: Linus Torvalds <torvalds@linux-foundation.org> from line 'Reported-by: Linus Torvalds <torvalds@linux-foundation.org>'
(body) Adding cc: Stafford Horne <shorne@gmail.com> from line 'Signed-off-by: Stafford Horne <shorne@gmail.com>'
(body) Adding cc: Linus Torvalds <torvalds@linux-foundation.org> from line 'Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>'

From: Thomas Zimmermann <tzimmermann@suse.de>
To: noreply@example.com
Cc: Stafford Horne <shorne@gmail.com>,
	Guenter Roeck <linux@roeck-us.net>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH] arch/openrisc: Fix issues with access_ok()
Date: Thu, 10 Jan 2019 10:03:31 +0100
Message-Id: <20190110090331.6180-1-tzimmermann@suse.de>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

    The Cc list above has been expanded by additional
    addresses found in the patch commit message. By default
    send-email prompts before sending whenever this occurs.
    This behavior is controlled by the sendemail.confirm
    configuration setting.

    For additional information, run 'git send-email --help'.
    To retain the current behavior, but squelch this message,
    run 'git config --global sendemail.confirm auto'.

Warning: unable to close filehandle __ANONIO__ properly: Bad file descriptor at /usr/lib/git/git-send-email line 812.
Warning: unable to close filehandle __ANONIO__ properly: Bad file descriptor at /usr/lib/git/git-send-email line 812.
*** buffer overflow detected ***: /usr/bin/perl terminated
error: git-send-email died of signal 6
*** snap ***

More information on installed packages:

*** snip ***
tzimmermann@linux-uq9g:~/Projekte/linux> LANG= zypper info perl git
Loading repository data...
Reading installed packages...


Information for package perl:
-----------------------------
Repository     : openSUSE-Tumbleweed-Oss
Name           : perl                   
Version        : 5.28.1-1.1             
Arch           : x86_64                 
Vendor         : openSUSE               
Installed Size : 45.5 MiB               
Installed      : Yes (automatically)    
Status         : up-to-date             
Source package : perl-5.28.1-1.1.src    
Summary        : The Perl interpreter   
Description    :                        
    perl - Practical Extraction and Report Language

    Perl is optimized for scanning arbitrary text files, extracting
    information from those text files, and printing reports based on that
    information.  It is also good for many system management tasks. Perl is
    intended to be practical (easy to use, efficient, and complete) rather
    than beautiful (tiny, elegant, and minimal).

    Some of the modules available on CPAN can be found in the "perl"
    series.


Information for package git:
----------------------------
Repository     : openSUSE-Tumbleweed-Oss                            
Name           : git                                                
Version        : 2.20.1-1.1                                         
Arch           : x86_64                                             
Vendor         : openSUSE                                           
Installed Size : 3.1 KiB                                            
Installed      : Yes                                                
Status         : up-to-date                                         
Source package : git-2.20.1-1.1.src                                 
Summary        : Fast, scalable, distributed revision control system
Description    :                                                    
    Git is a fast, scalable, distributed revision control system with an
    unusually rich command set that provides both high-level operations and
    full access to internals.

    This package itself only provides the README of git but with the
    packages it requires, it brings you a complete Git environment
    including GTK and email interfaces and tools for importing source code
    repositories from other revision control systems such as subversion,
    CVS, and GNU arch.
*** snap ***

Last time I used this script successfully was with Perl 5.26 and Git 2.19 sometime in late 2018.

Comment 1 Markéta Machová 2019-01-11 11:07:34 UTC
Thanks for the report. This bug has already been discussed upstream:
https://public-inbox.org/git/1e4ac3d5-f6f5-bcce-2f09-0519934289b9@milecki.pl/
and it is probably not related to git itself:
https://rt.perl.org/Public/Bug/Display.html?id=133750.

It is already reported as https://bugzilla.opensuse.org/show_bug.cgi?id=1120759, marking as duplicate.

*** This bug has been marked as a duplicate of bug 1120759 ***

Comment 2 Thomas Zimmermann 2019-01-11 12:00:34 UTC
Thank you for the fast reply. Sorry for the duplicate bug report. I looked, but didn't see the existing bug.