From owner-freebsd-questions@FreeBSD.ORG  Thu Jan 29 03:06:18 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 341365D4
 for <freebsd-questions@freebsd.org>; Thu, 29 Jan 2015 03:06:18 +0000 (UTC)
Received: from mail-ie0-x22c.google.com (mail-ie0-x22c.google.com
 [IPv6:2607:f8b0:4001:c03::22c])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id DE319F92
 for <freebsd-questions@freebsd.org>; Thu, 29 Jan 2015 03:06:17 +0000 (UTC)
Received: by mail-ie0-f172.google.com with SMTP id rd18so28176949iec.3
 for <freebsd-questions@freebsd.org>; Wed, 28 Jan 2015 19:06:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=message-id:date:from:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type:content-transfer-encoding;
 bh=Npt+tpJha+Utj/3URXNbv0vRCxF8c2P0o8FajtuZ5Ho=;
 b=AyNOXBLC9bTSj26lXViiP9MC+nKZPbgkKqMgL5U8YinIfenKQSPeNrIgUjHneYSlfz
 Qv1Up1CD0anP95INqQGDb4kpkR3FdjMvgEOvsK6JJuuwxuw2FAz/PpbduRIdMqXtPuuZ
 fa5PzAkgtMRm217H13qVDbzeZ/AloBcT4HfJCoRSClpfVbu0/D5+I0FNGFTwo4CFs6DZ
 G7tALHJtCQaBWKyDAao6n9zWr6wdEg6re4D7c3655sRjYaBU1OucBdcDbPS0vMT9cmUB
 2CVuzIARJ/qTSNDUWFM/FzJYV8K7LCMOxJAe6+WDVwNRpnO7pwL56AeevuYcboZNIq9E
 /Yug==
X-Received: by 10.42.145.5 with SMTP id d5mr862525icv.8.1422500776963;
 Wed, 28 Jan 2015 19:06:16 -0800 (PST)
Received: from localhost.localdomain ([50.243.6.59])
 by mx.google.com with ESMTPSA id t8sm303995igs.21.2015.01.28.19.06.16
 for <freebsd-questions@freebsd.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 28 Jan 2015 19:06:16 -0800 (PST)
Message-ID: <54C9A3A7.5080202@gmail.com>
Date: Wed, 28 Jan 2015 20:06:15 -0700
From: jd1008 <jd1008@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Subject: Re: Linux "Ghost" Remote Code Execution Vulnerability
References: <20150128145247.5086e9a4@scorpio>
 <20150129033838.810254de.freebsd@edvax.de>
In-Reply-To: <20150129033838.810254de.freebsd@edvax.de>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jan 2015 03:06:18 -0000


On 01/28/2015 07:38 PM, Polytropon wrote:
> On Wed, 28 Jan 2015 14:52:47 -0500, Jerry wrote:
>> Does this vulnerability affect FreeBSD?
>>
>> https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability
> FreeBSD's gethostbyname() is located in the standard C library,
> which is libc, not glibc (that Linux is using), so probably
> FreeBSD is not affected. However, programs linked against
> glibc and run in the Linux ABI environment might be affected,
> I assume.
>
> You can find a demonstration program here:
>
> http://www.openwall.com/lists/oss-security/2015/01/27/9
>
> It's in section 4.
>
> On my home system, I get this:
>
> 	% cc -Wall -o ghost ghost.c
> 	% ./ghost
> 	should not happen
>
> Surprise: Neither "vulnerable" nor "not vulnerable" is printed.
> That result is interesting. It might indicate ternary logic.
> YES, NO, FILE_NOT_FOUND. :-)
>
> Note that 4.1 explicitely talks about "The GNU C Library"
> which FreeBSD does not use (or have). Section 4 mentions
> other programs (such as mount.nfs, ping, procmail) for
> further explanation.
Then you do not have the real mccoy.
This is the real Mccoy:

/* ghosttest.c:  GHOST vulnerability tester */
/* Credit: http://www.openwall.com/lists/oss-security/2015/01/27/9 */
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

struct {
   char buffer[1024];
   char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
   struct hostent resbuf;
   struct hostent *result;
   int herrno;
   int retval;

   /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof 
(*h_addr_ptrs) - 1; ***/
   size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 
2*sizeof(char *) - 1;
   char name[sizeof(temp.buffer)];
   memset(name, '0', len);
   name[len] = '\0';

   retval = gethostbyname_r(name, &resbuf, temp.buffer, 
sizeof(temp.buffer), &result, &herrno);

   if (strcmp(temp.canary, CANARY) != 0) {
     puts("vulnerable");
     exit(EXIT_SUCCESS);
   }
   if (retval == ERANGE) {
     puts("not vulnerable");
     exit(EXIT_SUCCESS);
   }
   puts("should not happen");
   exit(EXIT_FAILURE);
}