>Number: 6357
>Category: system
>Synopsis: sasyncd(8) treats whitespace after comments as EOF in sasyncd.conf
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Apr 16 21:40:02 GMT 2010
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
System : OpenBSD 4.6
Details : OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
Architecture: OpenBSD.i386
Machine : i386
>Description:
The scanner used to read sasyncd.conf copies one whitespace character
after a comment and thereby signals end of file (except before the first
token), so the parser stops and sasyncd(8) never sees the rest of the
configuration file.
>How-To-Repeat:
Start sasyncd(8) with the following sasyncd.conf:
peer 10.0.0.2
# comment
interface carp1
sharedkey 0x349fec85c11f6b658d5c457d4668e035f11dfdccb849d5053a8763787b74db70
Parsing this configuration stops after the comment. Neither the
interface, nor the sharedkey will get parsed. Thus, sasyncd(8) will
terminate with: "config: no shared key specified, cannot continue"
>Fix:
Apply the following patch, which rewrites the comment and whitespace
handling of sasyncd(8).
We need to malloc(conflen + 2), because the end of tokens is indicated
by two (char)0 and there might not be any superfluous whitespace or
comments in the configuration.
A better fix would be to completely rewrite the configuration scanner of
sasyncd(8). sasyncd(8) is the only program in /usr/sbin still using
this style of scanner.
Index: conf.y
===================================================================
RCS file: /home/CVSROOT/src/usr.sbin/sasyncd/conf.y,v
retrieving revision 1.14
diff -u -d -r1.14 conf.y
--- conf.y 17 May 2007 11:01:36 -0000 1.14
+++ conf.y 16 Apr 2010 20:37:55 -0000
@@ -346,9 +346,9 @@
goto bad;
conflen = st.st_size;
- buf = (char *)malloc(conflen + 1);
+ buf = (char *)malloc(conflen + 2);
if (!buf) {
- log_err("malloc(%d) failed", conflen + 1);
+ log_err("malloc(%d) failed", conflen + 2);
close(fd);
return 1;
}
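Review bot: The reason for conflen + 2 is given only in the PR text, and the size is now written out twice, once in the malloc() call and once in the log_err() message. Add a short comment above the allocation saying that the token list ends in two NUL bytes and that a file without spare whitespace or comments needs both extra bytes, and compute the size once into a local so the two uses cannot drift apart.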
@@ -364,21 +364,23 @@
/* Prepare the buffer somewhat in the way of strsep() */
buf[conflen] = (char)0;
for (s = buf, d = s; *s && s < buf + conflen; s++) {
- if (isspace(*s) && isspace(*(s+1)))
- continue;
- if (*s == '#') {
- while (*s != '\n' && s < buf + conflen)
+ /* skip spaces and comments */
+ while ((isspace(*s) || *s == '#') && s < buf + conflen) {
+ if (*s == '#')
+ while (*s != '\n' && *s && s < buf + conflen)
+ s++;
+ else
s++;
- continue;
}
- if (d == buf && isspace(*s))
- continue;
- *d++ = *s;
+
+ /* copy token */
+ while (!isspace(*s) && *s != '#' && *s && s < buf + conflen)
+ *d++ = *s++;
+
+ /* separate tokens with 0 */
+ *d++ = (char)0;
}
*d = (char)0;
- for (s = buf; s <= d; s++)
- if (isspace(*s))
- *s = (char)0;
confbuf = buf;
confptr = NULL;
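Review bot: A '#' that directly follows a token is not handled. The copy loop stops on `*s != '#'` with s still pointing at the '#', and the `s++` in the for header then steps over it, so the next pass copies the comment text as ordinary tokens (a constructed line such as `carp1#backup` would yield the token `backup`). Dropping the increment from the for header and letting the skip loop consume every delimiter avoids this. The for condition also tests `*s` before `s < buf + conflen`, so after a final token it reads buf[conflen + 1], which is inside the allocation but never written by the visible code; test the bound first. The isspace() calls take a plain char, which is undefined for negative values, so cast the argument to unsigned char.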
>Release-Note:
>Audit-Trail:
>Unformatted: