Package: siege
Version: 2.70-4
Severity: important
Tags: upstream

Dear Maintainer,

This bug is still in the upstream 3.0.0 release. This code from newsocket in sock.c:

    int herrno;
    struct sockaddr_in cli;
    struct hostent *hp;
    ...
    {
      struct hostent hent;
      char hbf[8192];
      memset(hbf, '\0', sizeof hbf);
      /* for systems using GNU libc */
      if((gethostbyname_r(hostparam, &hent, hbf, sizeof(hbf), &hp, &herrno) < 0)){
        hp = NULL;
      }
    }
    if(hp == NULL){
      return -1;
    }
    memset((void*) &cli, 0, sizeof(cli));
    memcpy(&cli.sin_addr, hp->h_addr, hp->h_length);

invokes undefined behaviour because gethostbyname_r points hp at the 'hent' automatic variable but hp is used after the execution of the scope that declared it, in violation of section 6.2.4 of the C99 standard.

The particular undefined behaviour I see is that cli.sin_addr ends up being all bits 0, and so the connection goes to localhost.

I've emailed the upstream author about this.

I admit that I have not verified that the bug manifests on Debian, only Ubuntu. But the bug in the code is definitely there.

Cheers,
mwh

-- System Information:
Debian Release: wheezy/sid
  APT prefers raring-updates
  APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring-proposed'), (500, 'raring'), (100, 'raring-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8.0-19-generic (SMP w/4 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages siege depends on:
ii  libc6        2.17-0ubuntu5
ii  libssl1.0.0  1.0.1c-4ubuntu8

siege recommends no packages.

siege suggests no packages.

-- no debconf information
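The corrected shape of that resolver, as an added C example (not siege's code, and not the fix the upstream author may have chosen): the `hostent` record and its scratch buffer are declared at function scope so the pointer glibc hands back stays valid until the address is copied out. The function names `resolve_ipv4` and `resolve_ipv4_host_order` are invented for this example. It also checks the glibc return convention properly (0 on success, a positive error such as ERANGE on failure, so the report's `< 0` test can never fire), verifies that the record really holds a 4-byte AF_INET address before the memcpy, and refuses an all-zero address, since that is exactly the value the report saw and connecting to it silently goes to localhost. Resolving numeric addresses like `127.0.0.1` needs no DNS, so it runs offline.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* gethostbyname_r is a glibc extension */
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <stdint.h>
#include <stdio.h>

/* Resolve `host` to an IPv4 address. Returns 0 and fills *out on success,
 * -1 on any failure. Unlike the reported code, every object that
 * gethostbyname_r may point `hp` into lives for the whole function. */
int resolve_ipv4(const char *host, struct in_addr *out)
{
    struct hostent hent;   /* function scope: outlives every use of hp */
    char hbf[8192];        /* scratch storage for h_name, h_addr_list, ... */
    struct hostent *hp = NULL;
    int herrno = 0;

    if (host == NULL || out == NULL)
        return -1;
    memset(&hent, 0, sizeof hent);
    memset(hbf, 0, sizeof hbf);

    /* glibc returns 0 on success and a positive error code on failure
     * (ERANGE if hbf is too small); a '< 0' test would never catch that.
     * hp is set to NULL on failure as well, so check both. */
    int rc = gethostbyname_r(host, &hent, hbf, sizeof hbf, &hp, &herrno);
    if (rc != 0 || hp == NULL)
        return -1;

    /* Only copy when the record is really a 4-byte IPv4 address; copying
     * h_length bytes blindly into a struct in_addr would overflow on
     * a 16-byte AF_INET6 record. */
    if (hp->h_addrtype != AF_INET || hp->h_length != (int)sizeof *out
        || hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL)
        return -1;

    memcpy(out, hp->h_addr_list[0], sizeof *out);

    /* An all-zero address is what the dangling pointer in the report
     * produced; connect()ing to it lands on localhost, so treat it as
     * a failure rather than a destination. */
    if (out->s_addr == htonl(INADDR_ANY))
        return -1;
    return 0;
}

/* Convenience wrapper: the resolved address in host byte order,
 * or 0 when resolution failed. */
uint32_t resolve_ipv4_host_order(const char *host)
{
    struct in_addr a;
    if (resolve_ipv4(host, &a) != 0)
        return 0;
    return ntohl(a.s_addr);
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "127.0.0.1";
    struct in_addr a;
    char text[INET_ADDRSTRLEN];

    if (resolve_ipv4(host, &a) != 0) {
        fprintf(stderr, "could not resolve %s\n", host);
        return 1;
    }
    inet_ntop(AF_INET, &a, text, sizeof text);
    printf("%s -> %s\n", host, text);
    return 0;
}
```

Build with `gcc -Wall -o resolve resolve.c` and run it with a numeric or named host; with a name it consults NSS and DNS like siege does. If a resolver buffer larger than 8192 bytes is ever needed, ERANGE is the signal to retry with a bigger allocation, which is also the reason `rc` is inspected instead of only `hp`.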