BSDSOCKET buffer overflow on Linux #327

Open
Telefonorosso opened this issue Mar 11, 2023 · 0 comments
Telefonorosso commented Mar 11, 2023

Hello and thank you in advance for any assistance!

HOST
Linux 5.10.0-21-amd64 1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz - 8 GB RAM

UPDATE!
Can reproduce even on Raspberry Pi 3
Linux raspberrypi 5.4.51-v7+ #1333 SMP Mon Aug 10 16:45:19 BST 2020 armv7l GNU/Linux

GUEST
fs-uae versions 3 and 4 (compiled, downloaded from apt, downloaded from website...)
Amiga ROM 3.1 rev 40.6
AmigaOS 3.1
AmiTCP 3.0 b2

(in fact, only inetd and telnetd are invoked, since UAE's bsdsocket_library replaces the TCP stack altogether)

PLUGINS
QEMU-UAE 3.8.9
(enabling/disabling it makes no difference)

CONFIG
[fs-uae]
amiga_model = A4000
chip_memory = 2048
fast_memory = 8192
hard_drive_0 = /home/.../TELNET-ADV
kickstart_file = /home/.../KICK31.ROM
bsdsocket_library = 1

Note: tried every imaginable model/cpu/mmu permutation.

HOW TO REPRODUCE
clean install Debian 11 with XFCE
su
apt-get install fs-uae
(copy Amiga hdd and ROM, edit Default.fs-uae)
fs-uae &
telnet localhost

EXPECTED RESULT
getting an Amiga shell prompt
(the setup is working with Windows 10 host and WinUAE guest)

ACTUAL RESULT
telnet connection closed without any interaction possible
emulation stopped

ERROR MESSAGE (TELNET)
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

ERROR MESSAGE (FS-UAE)
*** buffer overflow detected ***: terminated

ERROR MESSAGE (GDB)
(gdb) backtrace
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7546537 in __GI_abort () at abort.c:79
#2  0x00007ffff759f768 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff76bd19c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff7630542 in __GI___fortify_fail (msg=msg@entry=0x7ffff76bd132 "buffer overflow detected") at fortify_fail.c:26
#4  0x00007ffff762ef20 in __GI___chk_fail () at chk_fail.c:28
#5  0x00007ffff7630497 in __fdelt_chk (d=) at fdelt_chk.c:25
#6  0x000000000058838d in ?? ()
#7  0x0000000000588830 in ?? ()
#8  0x00007ffff7efd0bd in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x00007ffff7700ea7 in start_thread (arg=) at pthread_create.c:477
#10 0x00007ffff7620a2f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

ATTACHMENTS
debug.uae.txt
OK-fs-uae.log.txt

Cheers,
TR
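Frame 5 of the backtrace above, __fdelt_chk, is the glibc _FORTIFY_SOURCE helper behind the FD_SET/FD_CLR/FD_ISSET macros: it aborts with "buffer overflow detected" when the descriptor is outside 0..FD_SETSIZE-1 (1024 on glibc), because the bit would otherwise be written past the end of the fd_set. The example below is added here and is not fs-uae code; it shows the bounds check that turns that process-wide abort into an ordinary per-socket error (the fs-uae call site in frames 6 and 7 is not symbolized, so which macro fires there is an assumption).

```c
/* Added example, not from fs-uae: guard select(2)-style fd_set macros
 * so an out-of-range host descriptor is rejected instead of tripping
 * glibc's __fdelt_chk (frame 5 in the reported backtrace). */
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>

/* 1 if fd can be represented in an fd_set, 0 otherwise. This is the same
 * condition __fdelt_chk enforces when _FORTIFY_SOURCE is enabled. */
int fd_fits_fdset(int fd)
{
    return (fd >= 0 && fd < FD_SETSIZE) ? 1 : 0;
}

/* FD_SET with a check in front of it. Returns 0 on success, -1 with
 * errno = EINVAL if fd is out of range, so the caller can close the
 * connection or fall back to poll(2) rather than abort the emulator. */
int safe_fd_set(int fd, fd_set *set)
{
    if (!fd_fits_fdset(fd)) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Track fd in a fresh set; 1 if it was recorded, 0 if it was refused.
 * The fd values used here are constructed numbers, not open sockets:
 * the macros only touch the bitmap, so no descriptor needs to exist. */
int try_track_fd(int fd)
{
    fd_set set;
    FD_ZERO(&set);
    if (safe_fd_set(fd, &set) != 0)
        return 0;
    return FD_ISSET(fd, &set) ? 1 : 0;
}

int main(void)
{
    int probes[] = { 7, FD_SETSIZE - 1, FD_SETSIZE, 2000, -1 };
    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("fd %5d: %s\n", probes[i],
               try_track_fd(probes[i]) ? "tracked" : "refused (EINVAL)");
    return 0;
}
```

A host process that accepts many guest connections can legitimately exceed 1024 descriptors, so poll(2), which carries no FD_SETSIZE limit, is the durable fix; the check above only makes the failure visible and recoverable.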

Telefonorosso changed the title from "crash when telnetting to Amiga from Debian" to "BSDSOCKET buffer overflow on Linux" on Mar 13, 2023.