[Bug 258179] security/sshguard: Stack Overflow on i386 (stable/13) on startup. sshg-blocker dumps core.

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 01 Sep 2021 05:16:06 UTC

--- Comment #5 from Kevin Zheng <kevinz5000@gmail.com> ---
Created attachment 227583
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=227583&action=edit

(In reply to John Marshall from comment #4)
I was able to reproduce by compiling the sshguard-2.4.2 from source with
CFLAGS="-fstack-protector-all -g" on FreeBSD 13.0-RELEASE GENERIC/i386 running
on bhyve.

It looks like the blocker is crashing in whitelist_add_block6() due to a
memset() off-by-one error. The fix is below:

diff --git a/src/blocker/sshguard_whitelist.c
index 30c6717..555237a 100644
--- a/src/blocker/sshguard_whitelist.c
+++ b/src/blocker/sshguard_whitelist.c
@@ -275,7 +275,7 @@ int whitelist_add_block6(const char *restrict address, int
masklen) {
     bitlen = masklen % 8;
     bitmask = 0xFF << (8 - bitlen);
     ab.address.ip6.mask.s6_addr[bytelen] = bitmask;
-    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00,
sizeof(ab.address.ip6.mask.s6_addr) - bytelen);
+    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00,
sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1);

     if (! list_contains(& whitelist, &ab)) {
         list_append(& whitelist, &ab);

This fix was committed upstream in 50581dba, and a patch suitable for `git am`
to the ports tree is attached.

John, while this patch makes its way to the ports tree, is it convenient for
you to test the patch and confirm that it fixes the crash you're seeing?

You are receiving this mail because:
You are the assignee for the bug.