When I run acme-client with -vv (or more) on my configuration, it segfaults.
This is caused by a buffer overrun in (netproc.c) buf_dump when called from (netproc.c) dogetcert; and the issue only seems to affect my configuration when I add one of the alternative names to the domain I am getting a cert for.

I haven't put enough thought into it yet to tell whether it is a problem just with buf_dump itself, or also with how it is being invoked here. On the one hand, buf_dump probably shouldn't assume that a space in this response buffer is followed by memory in the bounds, but it's also funny that the buffer just ends there.

In any event, here is gdb on the core from acme-client built out of -current anoncvs:

un-site-web# gdb acme-client acme-client.core
...
Core was generated by `acme-client'.
Program terminated with signal 11, Segmentation fault.
...
#0  buf_dump (buf=0x7f7ffffc3f18) at /usr/src/usr.sbin/acme-client/netproc.c:78
78              while (isspace((int)buf->buf[i]))
(gdb) bt
#0  buf_dump (buf=0x7f7ffffc3f18) at /usr/src/usr.sbin/acme-client/netproc.c:78
#1  0x00000db97abf7182 in netproc (kfd=Variable "kfd" is not available.
) at /usr/src/usr.sbin/acme-client/netproc.c:608
#2  0x00000db97abf5fce in main (argc=Variable "argc" is not available.
) at /usr/src/usr.sbin/acme-client/main.c:216
(gdb)

Pardon me, I don't really have the time to write a considered patch for this right now.

Cheers
Aaron Muir Hamilton
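The loop shape in frame #0, shown with a length bound, as an added example that is not part of the original message and is not acme-client's code. The struct resp_buf type, its sz field and the dump_collapse function are hypothetical names; the body of buf_dump beyond line 78 is not shown in the report, so this only assumes a length-delimited buffer with no trailing NUL.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the response buffer: bytes plus an explicit
 * length, with no guarantee of a terminating NUL after buf[sz - 1]. */
struct resp_buf {
	const char	*buf;
	size_t		 sz;
};

/*
 * Copy the buffer for debug printing, collapsing each run of whitespace
 * into one space. Returns a NUL-terminated string the caller frees,
 * or NULL if allocation fails.
 */
char *
dump_collapse(const struct resp_buf *b)
{
	size_t	 i, j = 0;
	char	*out;

	if ((out = malloc(b->sz + 1)) == NULL)
		return NULL;
	for (i = 0; i < b->sz; i++) {
		/* unsigned char cast: isspace() is undefined for negative int */
		if (!isspace((unsigned char)b->buf[i])) {
			out[j++] = b->buf[i];
			continue;
		}
		out[j++] = ' ';
		/* Bound is tested first, so a buffer that ends in whitespace
		 * never causes a read of buf[sz]. */
		while (i + 1 < b->sz && isspace((unsigned char)b->buf[i + 1]))
			i++;
	}
	out[j] = '\0';
	return out;
}

int
main(void)
{
	/* Constructed sample: only the first 3 bytes belong to the buffer. */
	struct resp_buf b = { "x \t\n yz", 3 };
	char *s = dump_collapse(&b);

	if (s != NULL)
		printf("[%s] len=%zu\n", s, strlen(s));
	free(s);
	return 0;
}
```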
