From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 258179] security/sshguard: Stack Overflow on i386 (stable/13) on startup. sshg-blocker dumps core.
Date: Wed, 01 Sep 2021 05:16:06 +0000
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: kevinz5000@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-Changed-Fields: attachments.created

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258179

--- Comment #5 from Kevin Zheng ---
Created attachment 227583
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=227583&action=edit
Patch

(In reply to John Marshall from comment #4)

I was able to reproduce by compiling the sshguard-2.4.2 from source with CFLAGS="-fstack-protector-all -g" on FreeBSD 13.0-RELEASE GENERIC/i386 running on bhyve.

It looks like the blocker is crashing in whitelist_add_block6() due to a memset() off-by-one error. The fix is below:

diff --git a/src/blocker/sshguard_whitelist.c b/src/blocker/sshguard_whitelist.c index 30c6717..555237a 100644 --- a/src/blocker/sshguard_whitelist.c +++ b/src/blocker/sshguard_whitelist.c
@@ -275,7 +275,7 @@ int whitelist_add_block6(const char *restrict address, = int masklen) { bitlen =3D masklen % 8; bitmask =3D 0xFF << (8 - bitlen); ab.address.ip6.mask.s6_addr[bytelen] =3D bitmask; - memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, sizeof(ab.address.ip6.mask.s6_addr) - bytelen); + memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1); if (! list_contains(& whitelist, &ab)) { list_append(& whitelist, &ab);

This fix was committed upstream in 50581dba, and a patch suitable for `git am` to the ports tree is attached.

John, while this patch makes its way to the ports tree, is it convenient for you to test the patch and confirm that it fixes the crash you're seeing?
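
Review bot: on the changed memset() line, the corrected length sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1 is only safe while bytelen is strictly less than the array size, and nothing in this hunk shows that bound being checked. If bytelen can equal sizeof(ab.address.ip6.mask.s6_addr) (for example with a full-length prefix, assuming bytelen is derived from masklen outside the visible lines), the subtraction wraps to a very large length, the destination & ab.address.ip6.mask.s6_addr[bytelen+1] is already past the end of the array, and the context line ab.address.ip6.mask.s6_addr[bytelen] = bitmask stores out of bounds before memset() is even reached. Suggest validating masklen at the top of whitelist_add_block6() and skipping both the partial-byte store and the memset() when bytelen equals the array size. A short comment on the memset() stating that it clears bytes bytelen+1 through the end of the mask would also help keep the start index and the length in step.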