Date: Sat, 29 Sep 2007 05:17:18 GMT From: OOTOMO Hiroyuki <ootomo@za.wakwak.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/116728: ckpasswd (contained INN) crashed Message-ID: <200709290517.l8T5HIHW052536@www.freebsd.org> Resent-Message-ID: <200709290520.l8T5K1DN056373@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 116728 >Category: ports >Synopsis: ckpasswd (contained INN) crashed >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Sep 29 05:20:01 GMT 2007 >Closed-Date: >Last-Modified: >Originator: OOTOMO Hiroyuki >Release: 6.2-STABLE >Organization: >Environment: FreeBSD sakura 6.2-STABLE FreeBSD 6.2-STABLE #1: Sun Aug 26 17:00:18 JST 2007 root@sakura:/usr/obj/usr/src/sys/SMP amd64 >Description: INN news system contains ckpasswd(8) authentication program, but it sometimes crashes with SEGV. Because ckpasswd uses strlcpy(3), and its destination string is sometimes not NULL-terminated. >How-To-Repeat: I don't know how to create the user-password-database which makes ckpasswd crash certainly. >Fix: add files/patch-authprogs_ckpasswd.c --- authprogs/ckpasswd.c.orig 2006-03-20 13:14:57.000000000 +0900 +++ authprogs/ckpasswd.c 2007-09-29 13:20:47.000000000 +0900 @@ -170,7 +170,8 @@ return NULL; } password = xmalloc(value.dsize + 1); - strlcpy(password, value.dptr, value.dsize + 1); + strncpy(password, value.dptr, value.dsize + 1); + password[value.dsize] = '\0'; dbm_close(database); return password; } >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709290517.l8T5HIHW052536>