On 12/04/15 13:20, Emanuele Rocca wrote:
> On systems with more than 65535 processes running, pppd aborts when
> sending a "start" accounting message to the RADIUS server because of a
> buffer overflow in rc_mksid.
> 
> The process id is used in rc_mksid to generate a pseudo-unique string,
> assuming that the hex representation of the pid will be at most 4
> characters (FFFF). __sprintf_chk(), used when compiling with
> optimization levels greater than 0 and FORTIFY_SOURCE, detects the
> buffer overflow and makes pppd crash.
> 
> The following patch fixes the problem.
> 
> --- ppp-2.4.6.orig/pppd/plugins/radius/util.c
> +++ ppp-2.4.6/pppd/plugins/radius/util.c
> @@ -77,7 +77,7 @@ rc_mksid (void)
>    static unsigned short int cnt = 0;
>    sprintf (buf, "%08lX%04X%02hX",
>          (unsigned long int) time (NULL),
> -        (unsigned int) getpid (),
> +        (unsigned int) getpid () % 65535,
>          cnt & 0xFF);
>    cnt++;
>    return buf;
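
Review bot: The modulus in `(unsigned int) getpid () % 65535` is off by one for a four-hex-digit field: it yields 0..65534, so 0xFFFF is never produced and a pid of 65535 maps to the same value as 0. Masking with `& 0xFFFF` (or using `% 65536`) keeps the low 16 bits and is the usual way to bound a `%04X` argument. Separately, the call is still an unbounded `sprintf`, and `%08lX` is likewise only a minimum width for the `unsigned long` time value, so switching to `snprintf` with the size of `buf` would bound all three fields instead of only the pid.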

Hi Emanuele,

Did you send your patch upstream? If not, would you mind if I did so?
Would you be able to provide a "Signed-off-by" line as required by upstream?

Thanks,
Chris

-- 
Chris Boot
deb...@bootc.net
GPG: 8467 53CB 1921 3142 C56D  C918 F5C8 3C05 D9CE EEEE
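
The overflow described in the quoted report, as an added example that is not part of the original thread or the ppp source: `%04X` sets a minimum field width, not a maximum, so a pid above 0xFFFF makes the generated string one character longer. The 15-byte buffer size, the function names and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SID_BUF 15 /* assumed size: 8 + 4 + 2 hex digits plus the NUL */

/* Characters (without NUL) the format from the patch context produces.
 * snprintf(NULL, 0, ...) only measures, so nothing can overflow here. */
static int sid_len_unmasked(unsigned long t, unsigned int pid, unsigned short cnt)
{
    return snprintf(NULL, 0, "%08lX%04X%02hX", t, pid, cnt & 0xFF);
}

/* Hypothetical bounded variant: every field is masked to its width and
 * the write is limited to outlen. Returns 0 on success, -1 if truncated. */
static int sid_format(char *out, size_t outlen, unsigned long t,
                      unsigned int pid, unsigned short cnt)
{
    int n = snprintf(out, outlen, "%08lX%04X%02X",
                     t & 0xFFFFFFFFUL, pid & 0xFFFFU, cnt & 0xFFU);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values, not taken from a real system. */
    unsigned long t = 0x552A6F00UL;
    unsigned int pids[] = { 1234, 0xFFFF, 0x10000, 70000 };
    char sid[SID_BUF];
    size_t i;

    for (i = 0; i < sizeof pids / sizeof pids[0]; i++) {
        int need = sid_len_unmasked(t, pids[i], 1) + 1; /* + NUL */
        if (sid_format(sid, sizeof sid, t, pids[i], 1) != 0)
            return 1;
        printf("pid %6u: original format needs %d bytes (%s), bounded id %s\n",
               pids[i], need, need > SID_BUF ? "overflow" : "fits", sid);
    }
    return 0;
}
```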

