SSHguard & IPFW

Nino J nino80 at gmail.com
Wed Oct 7 07:23:56 UTC 2015


On Tue, Oct 6, 2015 at 9:59 AM, Alexandre <axelbsd at ymail.com> wrote:

>
> Hi Nino,
>
> I encounter now an issue with IPFW and blacklist functionality: when I
> restart sshguard service (or reboot the machine), I need to delete
> /var/db/sshguard/blacklist.db before launching sshguard service again.
> It is a known issue as described here
> http://sourceforge.net/p/sshguard/mailman/message/34146342/
> Do you know when the next security/sshguard-ipfw version will be in
> FreeBSD ports?
>
> Thank you.
>
> Regards.
> Alexandre
>


Hi Alexandre,

As you noted, there is already a reported issue with this problem. See
https://bitbucket.org/sshguard/sshguard/issues/14/sshguard-crashes-on-blacklist-db

The ports version is actually the latest released version of sshguard
(1.6.1). As you can see in the issue tracker linked above, the fix will
probably come out in 1.6.2. Last reply in that issue was made on September
30th and it said that it shouldn't take long before 1.6.2 is released.

You have a few options:
- wait until 1.6.2 is released
- download the development version and install it manually (I have that and
it works fine)
- fix the buffer overflow issue in the current version locally (the problem
is a sprintf() in ipfw.c that goes through the entire address list even
though the buffer is limited to MAXIPFWCMDLEN=90)

A simple temporary fix would be to
1) increase MAXIPFWCMDLEN to a more reasonable length e.g. 16384
2) check blacklist length and error out if it exceeds MAXIPFWCMDLEN

Regards,
-- 
Nino
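
For readers who want to see the shape of the local fix Nino describes, here is an added example. It is not sshguard's own ipfw.c and not code from anyone in this thread: the command layout ("ipfw table N add" followed by every address), the table number 22 and the address lists are assumptions constructed for the demonstration. The only figures taken from the message are the 90-byte MAXIPFWCMDLEN and the proposed 16384. The comment shows the unbounded sprintf() pattern; build_ipfw_cmd() produces the same string with bounded writes and errors out when the blacklist does not fit, which is step 2 of the suggested fix.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Limit quoted in the thread for the ipfw command buffer. */
#define MAXIPFWCMDLEN 90
/* Larger limit proposed as the temporary fix. */
#define MAXIPFWCMDLEN_FIXED 16384

/*
 * Assumed (hypothetical) shape of the vulnerable builder. It walks the whole
 * address list with sprintf() while the destination is a fixed 90-byte array,
 * so a long blacklist writes past the end of cmd:
 *
 *     char cmd[MAXIPFWCMDLEN];
 *     char *p = cmd;
 *     p += sprintf(p, "ipfw table %d add", table);
 *     for (i = 0; i < naddrs; i++)
 *         p += sprintf(p, " %s", addrs[i]);     // no bound check at all
 *
 * build_ipfw_cmd() emits the same text but bounds every write with snprintf
 * and returns -1 (with an empty buffer) instead of overrunning it.
 * Returns the command length on success.
 */
int build_ipfw_cmd(char *buf, size_t bufsize, int table,
                   const char *const *addrs, size_t naddrs)
{
    size_t off;
    int n;

    n = snprintf(buf, bufsize, "ipfw table %d add", table);
    if (n < 0 || (size_t)n >= bufsize) {
        buf[0] = '\0';
        return -1;
    }
    off = (size_t)n;

    for (size_t i = 0; i < naddrs; i++) {
        n = snprintf(buf + off, bufsize - off, " %s", addrs[i]);
        /* n >= remaining space means snprintf truncated: refuse rather than
         * hand a half-built command to ipfw. */
        if (n < 0 || (size_t)n >= bufsize - off) {
            buf[0] = '\0';
            return -1;
        }
        off += (size_t)n;
    }
    return (int)off;
}

/* Bytes (excluding NUL) the unbounded sprintf() sequence would write; use it
 * to decide whether a blacklist exceeds a given MAXIPFWCMDLEN before building. */
size_t ipfw_cmd_required_len(int table, const char *const *addrs, size_t naddrs)
{
    size_t len = (size_t)snprintf(NULL, 0, "ipfw table %d add", table);
    for (size_t i = 0; i < naddrs; i++)
        len += 1 + strlen(addrs[i]);
    return len;
}

/* Constructed sample blacklists (documentation ranges, not real attackers). */
const char *const small_list[] = { "192.0.2.10", "192.0.2.11", "198.51.100.7" };
const char *const big_list[] = {
    "198.51.100.101", "198.51.100.102", "198.51.100.103", "198.51.100.104",
    "198.51.100.105", "198.51.100.106", "198.51.100.107", "198.51.100.108"
};

int main(void)
{
    char small[MAXIPFWCMDLEN];
    char big[MAXIPFWCMDLEN_FIXED];
    int n;

    n = build_ipfw_cmd(small, sizeof small, 22, small_list, 3);
    printf("3 addrs, 90-byte buffer : %d -> %s\n", n, small);

    printf("8 addrs need %zu bytes + NUL\n",
           ipfw_cmd_required_len(22, big_list, 8));
    n = build_ipfw_cmd(small, sizeof small, 22, big_list, 8);
    printf("8 addrs, 90-byte buffer : %d (refused, buffer left empty)\n", n);

    n = build_ipfw_cmd(big, sizeof big, 22, big_list, 8);
    printf("8 addrs, 16384-byte buf : %d -> %s\n", n, big);
    return 0;
}
```

The second sample list is the case from the thread: eight entries already need 137 bytes, well past the 90-byte buffer, so the original code would overrun the stack array on every restart that reloads blacklist.db, while the bounded version refuses the command and the caller can log the error instead of crashing.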


More information about the freebsd-questions mailing list