Re: Bug in gethostbyaddr and patch to solve
On Mon, Aug 25, 2014 at 10:39:59PM -0500, Vladimir Támara Patiño wrote:
> Using tcpdump in a firewall with 5.5 (also happens with 5.4 and I guess with
> current) and certain address of the LAN I got always a segfault.
>
> It is a bug within the function gethostbyaddr. It can be reproduced with
> the minimal test program available at:
> http://openbsd.7691.n7.nabble.com/problem-with-gethostbyaddr-on-OBSD-5-4-td242329.html
> and the following steps:
>
> 1. Create an entry in /etc/hosts with IP address but without name, for example:
>    echo 192.168.1.89 >> /etc/hosts
> 2. Compile the test program of the link
>    cc -o gethostbyaddr gethostbyaddr.c
> 3. Run the test program with the address added to /etc/hosts without name:
>    ./gethostbyaddr 192.168.1.89
>

This bug was fixed some time ago.

http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/lib/libc/asr/gethostnamadr_async.c.diff?r1=1.28&r2=1.29&f=h

Eric.
Re: Bug in gethostbyaddr and patch to solve
On Mon, Aug 25, 2014 at 10:39:59PM -0500, Vladimir Támara Patiño wrote:
> Using tcpdump in a firewall with 5.5 (also happens with 5.4 and I guess with
> current) and certain address of the LAN I got always a segfault.

Nope, already fixed in the upcoming 5.6 release and -current.

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/gethostnamadr_async.c#rev1.29

(Should be easily adaptable to 5.5 if it doesn't already apply cleanly.)

In general it's greatly appreciated if you could test on -current, too.
Just by chance I remembered this one. Next time you might not get so lucky
and at worst waste valuable developer time.

Thanks,
Florian

>
> It is a bug within the function gethostbyaddr. It can be reproduced
> with the minimal test program available at:
> http://openbsd.7691.n7.nabble.com/problem-with-gethostbyaddr-on-OBSD-5-4-td242329.html
> and the following steps:
>
> 1. Create an entry in /etc/hosts with IP address but without name, for example:
>    echo 192.168.1.89 >> /etc/hosts
> 2. Compile the test program of the link
>    cc -o gethostbyaddr gethostbyaddr.c
> 3. Run the test program with the address added to /etc/hosts without name:
>    ./gethostbyaddr 192.168.1.89
>
> Using gdb to trace the problem I got:
>
> Loaded symbols for /home/vtamara/comp/OpenBSD/buggethostbyaddr/gethostbyaddr
> Reading symbols from /usr/lib/libc.so.73.1...done.
> Loaded symbols for /usr/lib/libc.so.73.1
> Reading symbols from /usr/libexec/ld.so...done.
> Loaded symbols for /usr/libexec/ld.so
> #0 0x18d69baa2ba2 in strlen (str=0x0)
>    at /usr/src/lib/libc/string/strlen.c:43
> 43 for (s = str; *s; ++s)
> (gdb) bt
> #0 0x18d69baa2ba2 in strlen (str=0x0)
>    at /usr/src/lib/libc/string/strlen.c:43
> #1 0x18d69ba68d91 in hostent_set_cname (h=0x18d69bee9800,
> name=0x0,isdname=Variable "isdname" is not available.
> ) at /usr/src/lib/libc/asr/gethostnamadr_async.c:579 > #2 0x18d69ba696bd in gethostnamadr_async_run > (as=0x18d6957d3d00,ar=0x7f7f69c0) at > /usr/src/lib/libc/asr/gethostnamadr_async.c:451 > #3 0x18d69ba8078c in asr_async_run (as=0x18d6957d3d00, ar=0x7f7f69c0) >at /usr/src/lib/libc/asr/asr.c:197 > #4 0x18d69ba8085b in asr_async_run_sync (as=0x18d6957d3d00, > ar=0x7f7f69c0) at /usr/src/lib/libc/asr/asr.c:222 > #5 0x18d69ba68824 in gethostbyaddr (addr=0x7f7f6a80, len=4, af=2) >at /usr/src/lib/libc/asr/gethostnamadr.c:179 > #6 0x18d495400fbb in main () > from /home/vtamara/comp/OpenBSD/buggethostbyaddr/gethostbyaddr > > As shown hostent_set_cname receives name in NULL and tries to call > strlen with it, a simple patch is attached. > > -- > Dios, gracias por tu amor infinito. > -- Vladimir Támara Patiño. http://vtamara.pasosdeJesus.org/ > http://www.pasosdejesus.org/dominio_publico_colombia.html > > diff -ruN src55-orig/lib/libc/asr/gethostnamadr_async.c > src/lib/libc/asr/gethostnamadr_async.c > --- src55-orig/lib/libc/asr/gethostnamadr_async.c Wed Feb 26 15:00:08 2014 > +++ src/lib/libc/asr/gethostnamadr_async.cMon Aug 25 15:34:18 2014 > @@ -565,7 +565,7 @@ > charbuf[MAXDNAME]; > size_t n; > > - if (h->h.h_name) > + if (h->h.h_name || name == NULL) > return (-1); > > if (isdname) { -- I'm not entirely sure you are real.
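The failure in the backtrace quoted above, reduced to a stand-alone model (an added example, not OpenBSD's libc code and not the patch from this thread): an address-only hosts line yields a NULL name, and the setter refuses it instead of handing it to strlen. The names `split_hosts_line`, `set_cname` and `lookup_addr` are hypothetical and the sample entries are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample; the second entry is the address-only line from the report. */
static const char *SAMPLE_HOSTS[] = {
    "127.0.0.1 localhost", "192.168.1.89", "192.168.1.90 printer # lab", NULL };

/* Split a hosts-style line in place; a missing field is left NULL. */
static void split_hosts_line(char *line, char *tok[2])
{
    line[strcspn(line, "#")] = '\0';    /* drop trailing comment */
    tok[0] = strtok(line, " \t");
    tok[1] = tok[0] ? strtok(NULL, " \t") : NULL;
}

/* Hypothetical setter: without the NULL test, strlen(name) would fault. */
static int set_cname(char **dst, const char *name)
{
    if (*dst != NULL)       /* name already set */
        return -1;
    if (name == NULL)       /* address-only entry: nothing to copy */
        return -1;
    if ((*dst = malloc(strlen(name) + 1)) == NULL)
        return -1;
    strcpy(*dst, name);
    return 0;
}

/* Return 0 and set *out to the first name found for addr, else -1. */
static int lookup_addr(const char **hosts, const char *addr, char **out)
{
    char buf[256], *tok[2];
    for (; *hosts != NULL; hosts++) {
        snprintf(buf, sizeof(buf), "%s", *hosts);
        split_hosts_line(buf, tok);
        if (tok[0] && strcmp(tok[0], addr) == 0 && set_cname(out, tok[1]) == 0)
            return 0;
    }
    return -1;
}

int main(void)
{
    char *name = NULL;
    int miss = lookup_addr(SAMPLE_HOSTS, "192.168.1.89", &name);
    int hit = lookup_addr(SAMPLE_HOSTS, "192.168.1.90", &name);
    printf("nameless: %d, named: %d (%s)\n", miss, hit, name ? name : "-");
    free(name);
    return 0;
}
```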
Bug in gethostbyaddr and patch to solve
Using tcpdump in a firewall with 5.5 (also happens with 5.4 and I guess with
current) and certain address of the LAN I got always a segfault.

It is a bug within the function gethostbyaddr. It can be reproduced with
the minimal test program available at:
http://openbsd.7691.n7.nabble.com/problem-with-gethostbyaddr-on-OBSD-5-4-td242329.html
and the following steps:

1. Create an entry in /etc/hosts with IP address but without name, for example:
   echo 192.168.1.89 >> /etc/hosts
2. Compile the test program of the link
   cc -o gethostbyaddr gethostbyaddr.c
3. Run the test program with the address added to /etc/hosts without name:
   ./gethostbyaddr 192.168.1.89

Using gdb to trace the problem I got:

Loaded symbols for /home/vtamara/comp/OpenBSD/buggethostbyaddr/gethostbyaddr
Reading symbols from /usr/lib/libc.so.73.1...done.
Loaded symbols for /usr/lib/libc.so.73.1
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0 0x18d69baa2ba2 in strlen (str=0x0)
   at /usr/src/lib/libc/string/strlen.c:43
43 for (s = str; *s; ++s)
(gdb) bt
#0 0x18d69baa2ba2 in strlen (str=0x0)
   at /usr/src/lib/libc/string/strlen.c:43
#1 0x18d69ba68d91 in hostent_set_cname (h=0x18d69bee9800, name=0x0, isdname=Variable "isdname" is not available.
) at /usr/src/lib/libc/asr/gethostnamadr_async.c:579
#2 0x18d69ba696bd in gethostnamadr_async_run (as=0x18d6957d3d00, ar=0x7f7f69c0)
   at /usr/src/lib/libc/asr/gethostnamadr_async.c:451
#3 0x18d69ba8078c in asr_async_run (as=0x18d6957d3d00, ar=0x7f7f69c0)
   at /usr/src/lib/libc/asr/asr.c:197
#4 0x18d69ba8085b in asr_async_run_sync (as=0x18d6957d3d00, ar=0x7f7f69c0)
   at /usr/src/lib/libc/asr/asr.c:222
#5 0x18d69ba68824 in gethostbyaddr (addr=0x7f7f6a80, len=4, af=2)
   at /usr/src/lib/libc/asr/gethostnamadr.c:179
#6 0x18d495400fbb in main ()
   from /home/vtamara/comp/OpenBSD/buggethostbyaddr/gethostbyaddr

As shown hostent_set_cname receives name in NULL and tries to call
strlen with it, a simple patch is attached.
-- Dios, gracias por tu amor infinito. -- Vladimir Támara Patiño. http://vtamara.pasosdeJesus.org/ http://www.pasosdejesus.org/dominio_publico_colombia.html diff -ruN src55-orig/lib/libc/asr/gethostnamadr_async.c src/lib/libc/asr/gethostnamadr_async.c --- src55-orig/lib/libc/asr/gethostnamadr_async.c Wed Feb 26 15:00:08 2014 +++ src/lib/libc/asr/gethostnamadr_async.c Mon Aug 25 15:34:18 2014 @@ -565,7 +565,7 @@ charbuf[MAXDNAME]; size_t n; - if (h->h.h_name) + if (h->h.h_name || name == NULL) return (-1); if (isdname) {
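Review bot: the `name == NULL` test added to the `if (h->h.h_name)` condition shares its `return (-1)` with the name-already-set case, so the caller cannot tell an address-only hosts entry from a hostent whose name is already filled in. The backtrace shows the NULL arriving from gethostnamadr_async_run (gethostnamadr_async.c:451), so it is worth checking what that call site does with -1, and whether a nameless /etc/hosts line should instead be rejected before it reaches hostent_set_cname. If the guard stays here, a separate `if (name == NULL) return (-1);` with a one-line comment naming the address-only entry would document why it exists. The replies in this thread point at rev 1.29 of the same file as the existing fix, so this diff should be compared against that revision before being carried on 5.5.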