Date: Sat, 29 Sep 2007 05:17:18 GMT From: OOTOMO Hiroyuki <ootomo@za.wakwak.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/116728: ckpasswd (contained INN) crashed Message-ID: <200709290517.l8T5HIHW052536@www.freebsd.org> Resent-Message-ID: <200709290520.l8T5K1DN056373@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 116728
>Category: ports
>Synopsis: ckpasswd (contained INN) crashed
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 29 05:20:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: OOTOMO Hiroyuki
>Release: 6.2-STABLE
>Organization:
>Environment:
FreeBSD sakura 6.2-STABLE FreeBSD 6.2-STABLE #1: Sun Aug 26 17:00:18 JST 2007 root@sakura:/usr/obj/usr/src/sys/SMP amd64
>Description:
INN news system contains ckpasswd(8) authentication program, but it sometimes crashes with SEGV.
Because ckpasswd uses strlcpy(3), and its destination string is sometimes not NULL-terminated.
>How-To-Repeat:
I don't know how to create the user-password-database which makes ckpasswd crash certainly.
>Fix:
add files/patch-authprogs_ckpasswd.c
--- authprogs/ckpasswd.c.orig 2006-03-20 13:14:57.000000000 +0900
+++ authprogs/ckpasswd.c 2007-09-29 13:20:47.000000000 +0900
@@ -170,7 +170,8 @@
return NULL;
}
password = xmalloc(value.dsize + 1);
- strlcpy(password, value.dptr, value.dsize + 1);
+ strncpy(password, value.dptr, value.dsize + 1);
+ password[value.dsize] = '\0';
dbm_close(database);
return password;
}
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709290517.l8T5HIHW052536>