Date: Fri, 23 May 2003 14:19:07 +0600 (YEKST)
From: Ilya Novoselov <nullguid@t72.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/52602: security/ident2 port segfaults when returning username
Message-ID: <200305230819.h4N8J7kw005280@a-tuin.t72.ru>
Resent-Message-ID: <200305230820.h4N8KGkZ072711@freefall.freebsd.org>
>Number: 52602 >Category: ports >Synopsis: security/ident2 port segfaults when returning username >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri May 23 01:20:15 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Ilya Novoselov >Release: FreeBSD 4.6.2-RELEASE i386 >Organization: Russian Company JSC >Environment: System: FreeBSD a-tuin.t72.ru 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE #2: Sun Aug 25 18:09:24 YEKST 2002 rz@a-tuin.t72.ru:/usr/src/sys/compile/A-TUIN i386 >Description: inetd2 segfaults because buffer get freed before value accessed, fix follows >How-To-Repeat: >Fix: --- machine.c.orig Fri May 23 11:40:55 2003 +++ machine.c Fri May 23 11:42:16 2003 @@ -101,6 +101,7 @@ struct xinpgen *xig, *oxig; struct xsocket *so; size_t len; + uid_t uid; if (sysctlbyname (mibvar, 0, &len, 0, 0) < 0) { syslog (LOG_WARNING, "sysctl: %s: %s\n", mibvar, @@ -135,8 +136,9 @@ && (laddr->s_addr) == inp->inp_laddr.s_addr && rp == ntohs (inp->inp_fport) && lp == ntohs (inp->inp_lport)) { + uid = so->so_uid; free (buf); - return so->so_uid; + return uid; } } free (buf); >Release-Note: >Audit-Trail: >Unformatted:
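Review bot: In the second hunk (machine.c, the match branch at line 136), reading so->so_uid into uid before free (buf) fixes the read of freed memory, but the function still releases buf on two separate exit paths, which is the shape that allowed the original bug. Consider assigning uid in the branch and breaking out of the loop so that the existing free (buf) after the loop is the only release, followed by a single return; uid would then need to be initialised before the loop to whatever the function returns when no socket matches. If the two-exit form is kept, the uid_t uid declaration added in the first hunk is only used inside this branch and could be declared there instead of at function scope.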