Re: Bug in gethostbyaddr and patch to solve

2014-08-28 Thread Eric Faurot
On Mon, Aug 25, 2014 at 10:39:59PM -0500, Vladimir Támara Patiño wrote:
> Using tcpdump in a firewall with 5.5 (also happens with 5.4 and I guess with
> current) and certain addresses of the LAN I always got a segfault.
> 
> It is a bug within the function gethostbyaddr.  It can be reproduced with
> the minimal test program available at:
> http://openbsd.7691.n7.nabble.com/problem-with-gethostbyaddr-on-OBSD-5-4-td242329.html
> and the following steps:
> 
> 1. Create an entry in /etc/hosts with an IP address but without a name, for example:
>   echo 192.168.1.89 >> /etc/hosts
> 2. Compile the test program of the link
>   cc -o gethostbyaddr gethostbyaddr.c
> 3. Run the test program with the address added to /etc/hosts without a name:
>   ./gethostbyaddr 192.168.1.89
> 

This bug was fixed some time ago.

http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/lib/libc/asr/gethostnamadr_async.c.diff?r1=1.28&r2=1.29&f=h

Eric.



Re: Bug in gethostbyaddr and patch to solve

2014-08-26 Thread Florian Obser
On Mon, Aug 25, 2014 at 10:39:59PM -0500, Vladimir Támara Patiño wrote:
> Using tcpdump in a firewall with 5.5 (also happens with 5.4 and I guess with
> current) and certain addresses of the LAN I always got a segfault.

Nope, already fixed in the upcoming 5.6 release and -current.

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/gethostnamadr_async.c#rev1.29

(Should be easily adaptable to 5.5 if it doesn't already apply cleanly.)

In general it's greatly appreciated if you could test on -current,
too. Just by chance I remembered this one. Next time you might not get
so lucky and at worst waste valuable developer time.

Thanks,
Florian

> 
> It is a bug within the function gethostbyaddr.  It can be reproduced
> with the minimal test program available at:
> http://openbsd.7691.n7.nabble.com/problem-with-gethostbyaddr-on-OBSD-5-4-td242329.html
> and the following steps:
> 
> 1. Create an entry in /etc/hosts with an IP address but without a name, for example:
>   echo 192.168.1.89 >> /etc/hosts
> 2. Compile the test program of the link
>   cc -o gethostbyaddr gethostbyaddr.c
> 3. Run the test program with the address added to /etc/hosts without a name:
>   ./gethostbyaddr 192.168.1.89
> 
> Using gdb to trace the problem I got:
> 
> Loaded symbols for /home/vtamara/comp/OpenBSD/buggethostbyaddr/gethostbyaddr
> Reading symbols from /usr/lib/libc.so.73.1...done.
> Loaded symbols for /usr/lib/libc.so.73.1
> Reading symbols from /usr/libexec/ld.so...done.
> Loaded symbols for /usr/libexec/ld.so
> #0  0x18d69baa2ba2 in strlen (str=0x0)
>at /usr/src/lib/libc/string/strlen.c:43
> 43  for (s = str; *s; ++s)
> (gdb) bt
> #0  0x18d69baa2ba2 in strlen (str=0x0)
>at /usr/src/lib/libc/string/strlen.c:43
> #1  0x18d69ba68d91 in hostent_set_cname (h=0x18d69bee9800, name=0x0,
>    isdname=Variable "isdname" is not available.
> ) at /usr/src/lib/libc/asr/gethostnamadr_async.c:579
> #2  0x18d69ba696bd in gethostnamadr_async_run (as=0x18d6957d3d00,
>    ar=0x7f7f69c0) at /usr/src/lib/libc/asr/gethostnamadr_async.c:451
> #3  0x18d69ba8078c in asr_async_run (as=0x18d6957d3d00, ar=0x7f7f69c0)
>at /usr/src/lib/libc/asr/asr.c:197
> #4  0x18d69ba8085b in asr_async_run_sync (as=0x18d6957d3d00,
> ar=0x7f7f69c0) at /usr/src/lib/libc/asr/asr.c:222
> #5  0x18d69ba68824 in gethostbyaddr (addr=0x7f7f6a80, len=4, af=2)
>at /usr/src/lib/libc/asr/gethostnamadr.c:179
> #6  0x18d495400fbb in main ()
>   from /home/vtamara/comp/OpenBSD/buggethostbyaddr/gethostbyaddr
> 
> As shown, hostent_set_cname receives name as NULL and tries to call
> strlen with it; a simple patch is attached.
> 
> -- 
> God, thank you for your infinite love.
> --   Vladimir Támara Patiño.  http://vtamara.pasosdeJesus.org/
>  http://www.pasosdejesus.org/dominio_publico_colombia.html
> 

> diff -ruN src55-orig/lib/libc/asr/gethostnamadr_async.c 
> src/lib/libc/asr/gethostnamadr_async.c
> --- src55-orig/lib/libc/asr/gethostnamadr_async.c Wed Feb 26 15:00:08 2014
> +++ src/lib/libc/asr/gethostnamadr_async.cMon Aug 25 15:34:18 2014
> @@ -565,7 +565,7 @@
>   charbuf[MAXDNAME];
>   size_t  n;
>  
> - if (h->h.h_name)
> + if (h->h.h_name || name == NULL)
>   return (-1);
>  
>   if (isdname) {
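
Review bot: the `name == NULL` test added on the `if (h->h.h_name || name == NULL)` line stops the strlen(NULL) crash at gethostnamadr_async.c:579, but it makes hostent_set_cname() report a missing name with the same -1 it already uses for "cname already set", and nothing in the hunk shows what the caller at gethostnamadr_async.c:451 does with that -1; if it keeps the entry, the lookup could still hand a hostent with a NULL h_name to a caller such as tcpdump. The address-only /etc/hosts line is the malformed input, so the cleaner fix is to reject it where the file is parsed (or skip the entry when name is NULL before calling hostent_set_cname), and a one-line comment on why name can be NULL here would help the next reader. Since the replies point at the upstream rev 1.29 change, compare with that before carrying this one onto 5.5.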


-- 
I'm not entirely sure you are real.



Bug in gethostbyaddr and patch to solve

2014-08-25 Thread Vladimir Támara Patiño

Using tcpdump in a firewall with 5.5 (also happens with 5.4 and I guess with
current) and certain addresses of the LAN I always got a segfault.

It is a bug within the function gethostbyaddr.  It can be reproduced with 
the minimal test program available at:

http://openbsd.7691.n7.nabble.com/problem-with-gethostbyaddr-on-OBSD-5-4-td242329.html
and the following steps:

1. Create an entry in /etc/hosts with an IP address but without a name, for example:
echo 192.168.1.89 >> /etc/hosts
2. Compile the test program of the link
cc -o gethostbyaddr gethostbyaddr.c
3. Run the test program with the address added to /etc/hosts without a name:
./gethostbyaddr 192.168.1.89

Using gdb to trace the problem I got:

Loaded symbols for /home/vtamara/comp/OpenBSD/buggethostbyaddr/gethostbyaddr
Reading symbols from /usr/lib/libc.so.73.1...done.
Loaded symbols for /usr/lib/libc.so.73.1
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  0x18d69baa2ba2 in strlen (str=0x0)
   at /usr/src/lib/libc/string/strlen.c:43
43  for (s = str; *s; ++s)
(gdb) bt
#0  0x18d69baa2ba2 in strlen (str=0x0)
   at /usr/src/lib/libc/string/strlen.c:43
#1  0x18d69ba68d91 in hostent_set_cname (h=0x18d69bee9800, name=0x0,
   isdname=Variable "isdname" is not available.
) at /usr/src/lib/libc/asr/gethostnamadr_async.c:579
#2  0x18d69ba696bd in gethostnamadr_async_run (as=0x18d6957d3d00,
   ar=0x7f7f69c0) at /usr/src/lib/libc/asr/gethostnamadr_async.c:451
#3  0x18d69ba8078c in asr_async_run (as=0x18d6957d3d00, ar=0x7f7f69c0)
   at /usr/src/lib/libc/asr/asr.c:197
#4  0x18d69ba8085b in asr_async_run_sync (as=0x18d6957d3d00,
   ar=0x7f7f69c0) at /usr/src/lib/libc/asr/asr.c:222
#5  0x18d69ba68824 in gethostbyaddr (addr=0x7f7f6a80, len=4, af=2)
   at /usr/src/lib/libc/asr/gethostnamadr.c:179
#6  0x18d495400fbb in main ()
  from /home/vtamara/comp/OpenBSD/buggethostbyaddr/gethostbyaddr

As shown, hostent_set_cname receives name as NULL and tries to call strlen
with it; a simple patch is attached.


--
God, thank you for your infinite love.
--  
 Vladimir Támara Patiño.  http://vtamara.pasosdeJesus.org/

 http://www.pasosdejesus.org/dominio_publico_colombia.html

diff -ruN src55-orig/lib/libc/asr/gethostnamadr_async.c 
src/lib/libc/asr/gethostnamadr_async.c
--- src55-orig/lib/libc/asr/gethostnamadr_async.c   Wed Feb 26 15:00:08 2014
+++ src/lib/libc/asr/gethostnamadr_async.c  Mon Aug 25 15:34:18 2014
@@ -565,7 +565,7 @@
charbuf[MAXDNAME];
size_t  n;
 
-   if (h->h.h_name)
+   if (h->h.h_name || name == NULL)
return (-1);
 
if (isdname) {
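
An added example, not the test program behind the link above and not libc's asr code: a self-contained C model of the /etc/hosts reverse lookup that shows where the address-only line the report describes should be caught. The `host_entry` type, `set_cname`, `parse_hosts_line`, `lookup_by_addr` and the sample table are all constructed here. `set_cname` carries the `name == NULL` guard from the patch, and the parser additionally reports an address-only line as having no name, so the lookup skips it and the guard is never relied on.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define NAMELEN 256
/* Constructed stand-in for the hostent being built; "" cname == NULL h_name. */
struct host_entry {
	char		cname[NAMELEN];
	struct in_addr	addr;
};

/* Same role as hostent_set_cname() in the report, with the guard the
 * patch adds: a NULL name is refused instead of being handed to strlen(). */
static int
set_cname(struct host_entry *h, const char *name)
{
	if (h->cname[0] != '\0' || name == NULL ||
	    strlen(name) >= sizeof(h->cname))
		return (-1);
	strcpy(h->cname, name);		/* length checked just above */
	return (0);
}

/* Parse one /etc/hosts line ("address name [aliases...]", '#' starts a
 * comment). Returns 1 with addr and name filled, 0 for an address-only
 * line (the input that crashed libc), -1 for a blank, comment or bad line. */
static int
parse_hosts_line(const char *line, struct in_addr *addr, char name[NAMELEN])
{
	const char *ws = " \t\r\n";
	char buf[512], *p, *q;
	size_t len;

	if (strlen(line) >= sizeof(buf))
		return (-1);
	strcpy(buf, line);
	if ((q = strchr(buf, '#')) != NULL)
		*q = '\0';			/* drop a trailing comment */
	p = buf + strspn(buf, ws);		/* first field: the address */
	len = strcspn(p, ws);
	if (len == 0)
		return (-1);
	q = p + len;
	if (*q != '\0')
		*q++ = '\0';
	if (inet_pton(AF_INET, p, addr) != 1)
		return (-1);
	q += strspn(q, ws);			/* second field: the cname */
	len = strcspn(q, ws);
	if (len == 0)
		return (0);
	if (len >= NAMELEN)
		return (-1);
	memcpy(name, q, len);
	name[len] = '\0';
	return (1);
}

/* Constructed sample table; the second line is the report's reproducer. */
static const char *const sample_hosts[] = {
	"127.0.0.1\tlocalhost",
	"192.168.1.89",
	"192.168.1.10\tgateway.lan gw   # the firewall",
	"# 10.0.0.1 commented-out.lan",
};

/* Reverse lookup of a dotted quad over the table: 1 and *out filled from the
 * first line with the address and a name, 0 if there is none, -1 on a bad
 * address. The parser drops address-only lines, so set_cname() never sees NULL. */
static int
lookup_by_addr(const char *ip, struct host_entry *out)
{
	char name[NAMELEN];
	struct in_addr want, a;
	size_t i;

	if (inet_pton(AF_INET, ip, &want) != 1)
		return (-1);
	for (i = 0; i < sizeof(sample_hosts) / sizeof(sample_hosts[0]); i++) {
		if (parse_hosts_line(sample_hosts[i], &a, name) != 1 ||
		    a.s_addr != want.s_addr)
			continue;
		memset(out, 0, sizeof(*out));
		out->addr = a;
		return (set_cname(out, name) == 0 ? 1 : -1);
	}
	return (0);
}

int main(int argc, char *argv[])
{
	struct host_entry h;
	const char *ip = argc > 1 ? argv[1] : "192.168.1.89";
	int r = lookup_by_addr(ip, &h);
	printf("%s: %s\n", ip, r == 1 ? h.cname : r == 0 ? "no named entry" : "bad address");
	return (r < 0);
}
```

Build with `cc -o hosts_lookup hosts_lookup.c`; `./hosts_lookup 192.168.1.89` reports `no named entry` because the only line with that address carries no name, while `./hosts_lookup 192.168.1.10` prints `gateway.lan`. Putting the rejection in the parser means every consumer of the parsed entry benefits, not only the one function that happened to crash.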