Public bug reported:

The bug is present in raring, but also in the upstream 3.0.0 release.

This code from newsocket in sock.c:

  int herrno;
  struct sockaddr_in cli;
  struct hostent     *hp;
...
  {
    struct hostent hent;
    char hbf[8192];
    memset(hbf, '\0', sizeof hbf);
    /* for systems using GNU libc */
    if((gethostbyname_r(hostparam, &hent, hbf, sizeof(hbf), &hp, &herrno) < 0)){
      hp = NULL;
    }
  }
  if(hp == NULL){ return -1; }
  memset((void*) &cli, 0, sizeof(cli));
  memcpy(&cli.sin_addr, hp->h_addr, hp->h_length);

invokes undefined behaviour because gethostbyname_r points hp at the
'hent' automatic variable but hp is used after the execution of the
scope that declared it, in violation of section 6.2.4 of the C99
standard.

The particular undefined behaviour I see is that cli.sin_addr ends up
being all bits 0, and so the connection goes to localhost.

** Affects: siege (Ubuntu)
     Importance: Undecided
         Status: New
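An added example, not siege's code, showing the same lookup with the lifetime problem removed: the `hostent` and its scratch buffer are declared in the scope where `hp` is used, so the result is still alive when it is copied. It assumes glibc's `gethostbyname_r`; `resolve_ipv4` is a hypothetical name chosen here, and the numeric test addresses are constructed so the code runs without DNS.

```c
#define _GNU_SOURCE          /* gethostbyname_r is a GNU/glibc extension */
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <stdio.h>

/* Resolve an IPv4 host name into *out.  Returns 0 on success, -1 on failure.
 *
 * The fix for the lifetime bug in the report: `hent` and `hbuf` live in the
 * same scope as `hp` and as every use of hp, so hp never points at storage
 * whose lifetime has ended.  Illustrative rewrite of the quoted block, not
 * siege's own code. */
int resolve_ipv4(const char *host, struct in_addr *out)
{
    struct hostent  hent;          /* result storage: must outlive hp's use */
    char            hbuf[8192];    /* scratch space gethostbyname_r writes into */
    struct hostent *hp = NULL;
    int             herrno = 0;

    memset(&hent, 0, sizeof hent);
    memset(hbuf, 0, sizeof hbuf);

    /* glibc returns 0 on success and a nonzero error code otherwise, so test
     * for != 0 rather than < 0, and check hp as well. */
    if (gethostbyname_r(host, &hent, hbuf, sizeof hbuf, &hp, &herrno) != 0
        || hp == NULL) {
        return -1;
    }

    /* Only copy when the record really is an IPv4 address of the expected
     * size; the quoted code trusts h_length blindly. */
    if (hp->h_addrtype != AF_INET || hp->h_length != (int)sizeof(*out)
        || hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL) {
        return -1;
    }
    memcpy(out, hp->h_addr_list[0], sizeof(*out));
    return 0;   /* hent and hbuf are still alive here, unlike in the report */
}

int main(void)
{
    struct in_addr a;
    /* Numeric literals are parsed locally, so this runs without DNS. */
    if (resolve_ipv4("192.0.2.1", &a) == 0)
        printf("resolved to %s\n", inet_ntoa(a));
    return 0;
}
```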

-- 
https://bugs.launchpad.net/bugs/1175869

Title:
  coding error can lead to connections going to localhost rather than
  desired system


-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com