Date:      Wed, 01 Sep 2021 05:16:06 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 258179] security/sshguard: Stack Overflow on i386 (stable/13) on startup. sshg-blocker dumps core.
Message-ID:  <bug-258179-7788-RqhPjzK625@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-258179-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-258179-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258179

--- Comment #5 from Kevin Zheng <kevinz5000@gmail.com> ---
Created attachment 227583
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=227583&action=edit
Patch

(In reply to John Marshall from comment #4)
I was able to reproduce by compiling the sshguard-2.4.2 from source with
CFLAGS="-fstack-protector-all -g" on FreeBSD 13.0-RELEASE GENERIC/i386 running
on bhyve.

It looks like the blocker is crashing in whitelist_add_block6() due to a
memset() off-by-one error. The fix is below:

diff --git a/src/blocker/sshguard_whitelist.c
b/src/blocker/sshguard_whitelist.c
index 30c6717..555237a 100644
--- a/src/blocker/sshguard_whitelist.c
+++ b/src/blocker/sshguard_whitelist.c
@@ -275,7 +275,7 @@ int whitelist_add_block6(const char *restrict address, =
int
masklen) {
     bitlen =3D masklen % 8;
     bitmask =3D 0xFF << (8 - bitlen);
     ab.address.ip6.mask.s6_addr[bytelen] =3D bitmask;
-    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00,
sizeof(ab.address.ip6.mask.s6_addr) - bytelen);
+    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00,
sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1);

     if (! list_contains(& whitelist, &ab)) {
         list_append(& whitelist, &ab);
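
Review bot: The corrected length in the `+` memset() is only safe while bytelen is at most sizeof(ab.address.ip6.mask.s6_addr) - 1, and nothing in this hunk shows that bound being enforced. If bytelen can equal the array size (a /128 mask, assuming bytelen is derived as masklen / 8, which is outside the visible lines), the store to `s6_addr[bytelen]` on the context line above is already one byte past the array, and `sizeof(...) - bytelen - 1` evaluates to -1, which memset() receives as a very large size_t. Please confirm that an earlier check returns before this point for a full-length mask, or add one next to the crossing-byte store. As a smaller point, writing the length as `sizeof(...) - (bytelen + 1)` would make it visibly mirror the `[bytelen+1]` start index, and a one-line comment noting that the zeroed range starts one byte after the crossing byte would record why the old length ran one byte past the end of the mask.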

This fix was committed upstream in 50581dba, and a patch suitable for `git am`
to the ports tree is attached.

John, while this patch makes its way to the ports tree, is it convenient for
you to test the patch and confirm that it fixes the crash you're seeing?

--
You are receiving this mail because:
You are the assignee for the bug.


