ports/52602: security/ident2 port segfaults when returning username
Ilya Novoselov
nullguid at t72.ru
Fri May 23 08:20:17 UTC 2003
>Number: 52602
>Category: ports
>Synopsis: security/ident2 port segfaults when returning username
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 23 01:20:15 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Ilya Novoselov
>Release: FreeBSD 4.6.2-RELEASE i386
>Organization:
Russian Company JSC
>Environment:
System: FreeBSD a-tuin.t72.ru 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE #2: Sun Aug 25 18:09:24 YEKST 2002 rz at a-tuin.t72.ru:/usr/src/sys/compile/A-TUIN i386
>Description:
inetd2 segfaults because buffer get freed before value accessed, fix follows
>How-To-Repeat:
>Fix:
--- machine.c.orig Fri May 23 11:40:55 2003
+++ machine.c Fri May 23 11:42:16 2003
@@ -101,6 +101,7 @@
struct xinpgen *xig, *oxig;
struct xsocket *so;
size_t len;
+ uid_t uid;
if (sysctlbyname (mibvar, 0, &len, 0, 0) < 0) {
syslog (LOG_WARNING, "sysctl: %s: %s\n", mibvar,
@@ -135,8 +136,9 @@
&& (laddr->s_addr) == inp->inp_laddr.s_addr
&& rp == ntohs (inp->inp_fport)
&& lp == ntohs (inp->inp_lport)) {
+ uid = so->so_uid;
free (buf);
- return so->so_uid;
+ return uid;
}
}
free (buf);
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list