[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#565460: marked as done (aprsd crashes when someone logs in from network amd64)

Your message dated Mon, 11 Jun 2012 13:32:10 +0000
with message-id <E1Se4j4-0005nI-7K@franck.debian.org>
and subject line Bug#565460: fixed in aprsd 1:2.2.5-13-5.2
has caused the Debian Bug report #565460,
regarding aprsd crashes when someone logs in from network amd64
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
565460: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565460
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: aprsd
Version: 1:2.2.5-13-5.1
Severity: important
Tags: patch


https://bugs.launchpad.net/ubuntu/+source/aprsd/+bug/208913

aprsd on 64-bit system crashes with segfault while trying to
process the "user" login line on any of its incoming user ports.

To reproduce, simply connect to aprsd on port 14500 (e.g. with
'telnet hostname 14500') and type "user foo<ENTER>".  Aprsd
crashes with segfault.

Note that this allows for a denial-of-service exposure in that
any user (even remote users) can crash aprsd easily, as well as
making aprsd unusable in conjunction with local clients e.g. xastir.

The attached patch fixes the problem.

# 0001.fix-user-login-crash.patch
#
# Author: Kamal Mostafa <kamal@whence.com>
#
# * Fix "user" login crash on 64-bit platforms. (LP: #208913)
# * Fix socklen_t compiler warnings (and possible failure) on 64-bit platforms.
#

=== modified file 'src/aprsString.cpp'
--- a/src/aprsString.cpp	2003-06-20 22:30:49 +0000
+++ b/src/aprsString.cpp	2009-12-26 08:35:38 +0000
@@ -905,9 +905,9 @@
 //Returns index of path element if match found
 // or npos is not found.
 
-unsigned aprsString::queryPath(const string& s, int start, int stop  , unsigned n)
+size_t aprsString::queryPath(const string& s, int start, int stop  , size_t n)
 {
-    unsigned  rc = npos;
+    size_t  rc = npos;
   
     if (valid_ax25 == false) 
         return rc;

=== modified file 'src/aprsString.h'
--- a/src/aprsString.h	2006-05-25 18:22:50 +0000
+++ b/src/aprsString.h	2009-12-26 08:35:24 +0000
@@ -204,7 +204,7 @@
    void setEchoMask(echomask_t m);
 
    //Tells if char string cp is in the ax25 path
-   unsigned queryPath(const string& s, int start = 0, int stop = -1, unsigned n = npos);
+   size_t queryPath(const string& s, int start = 0, int stop = -1, size_t n = npos);
 
    bool changePath(const char* newPath, const char* oldPath); //Change one path element
    bool addPath(const char* cp, char c = ' ');

=== modified file 'src/servers.cpp'
--- a/src/servers.cpp	2008-03-21 13:02:55 +0000
+++ b/src/servers.cpp	2009-12-26 08:28:20 +0000
@@ -963,11 +963,11 @@
                         }  // End loop detect #1
 
                         // Loop detector #2, Reject if user login call seen after qA but not last path element
-                        unsigned rc = abuff->queryPath(abuff->call,abuff->IjpIdx + 1);
+                        size_t rc = abuff->queryPath(abuff->call,abuff->IjpIdx + 1);
                         if (( rc != string::npos)
                                 && (abuff->aprsType != APRSREJECT)){
 
-                            if (rc != (unsigned)(abuff->pathSize - 1)){
+                            if (rc != (size_t)(abuff->pathSize - 1)){
                                 abuff->aprsType = APRSREJECT;    //Looped packet, REJECT
                                 string log_str = abuff->srcHeader + *abuff;
                                 WriteLog(log_str, LOGPATH + LOOPLOG);   //Write offending packet to loop.log
@@ -982,7 +982,7 @@
                             && (abuff->sourceSock != SRC_INTERNAL)){
 
                         if (abuff->EchoMask & srcUSERVALID){  //From validated connection?
-                            unsigned rc = abuff->queryPath(abuff->call,abuff->IjpIdx + 1);
+                            size_t rc = abuff->queryPath(abuff->call,abuff->IjpIdx + 1);
                             if(rc == string::npos)
                                 abuff->addPath(abuff->call); //Add user login call if not present in path.
                         }
@@ -1373,7 +1373,7 @@
     unsigned char c;
     char star = '*';
 
-    unsigned adr_size = sizeof(peer_adr);
+    socklen_t adr_size = sizeof(peer_adr);
     int n, rc,data;
     bool verified = false, loggedon = false;
     ULONG State = BASE;
@@ -1825,7 +1825,7 @@
                 }
 
                 string vd;
-                unsigned idxInvalid=0;
+                size_t idxInvalid=0;
                 if (atemp.aprsType == APRSLOGON) {
                     loggedon = true;
                     verified = false;
@@ -2111,7 +2111,7 @@
                     szPass[15] = '\0';
 
                 bool verified_tnc = false;
-                unsigned idxInvalid=0;
+                size_t idxInvalid=0;
 
                 int valid = -1;
 
@@ -2239,7 +2239,7 @@
 void *TCPServerThread(void *p)
 {
     int s = 0, rc = 0;
-    unsigned i;
+    socklen_t client_address_size;
     SessionParams* session;
     pthread_t SessionThread;
     int backlog = 5;            // Backlog of pending connections
@@ -2285,9 +2285,9 @@
     listen(s, backlog);
 
     for(;;) {
-        i = sizeof(client);
+        client_address_size = sizeof(client);
         session = new SessionParams;
-        session->Socket = accept(s, (struct sockaddr *)&client, &i);
+        session->Socket = accept(s, (struct sockaddr *)&client, &client_address_size);
         session->EchoMask = sp->EchoMask;
         session->ServerPort = sp->ServerPort;
         if (ShutDownServer) {
@@ -2334,7 +2334,7 @@
 {
 #define UDPSIZE 256
     int s,i;
-    unsigned client_address_size;
+    socklen_t client_address_size;
     struct sockaddr_in client, server;
     char buf[UDPSIZE+3];
     UdpParams* upp = (UdpParams*)p;

--- End Message ---
--- Begin Message --- 
Source: aprsd
Source-Version: 1:2.2.5-13-5.2

We believe that the bug you reported is fixed in the latest version of
aprsd, which is due to be installed in the Debian FTP archive:

aprsd_2.2.5-13-5.2.diff.gz
  to main/a/aprsd/aprsd_2.2.5-13-5.2.diff.gz
aprsd_2.2.5-13-5.2.dsc
  to main/a/aprsd/aprsd_2.2.5-13-5.2.dsc
aprsd_2.2.5-13-5.2_amd64.deb
  to main/a/aprsd/aprsd_2.2.5-13-5.2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 565460@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martijn van Brummelen <martijn@brumit.nl> (supplier of updated aprsd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 17 Sep 2010 17:22:19 +0200
Source: aprsd
Binary: aprsd
Architecture: source amd64
Version: 1:2.2.5-13-5.2
Distribution: unstable
Urgency: low
Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
Changed-By: Martijn van Brummelen <martijn@brumit.nl>
Description: 
 aprsd      - Internet Gateway for the Automatic Position Reporting System
Closes: 565460
Changes: 
 aprsd (1:2.2.5-13-5.2) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add 0001.fix-user-login-crash.patch
     - Fix network crash problem thanks to Kamal Mostafa (Closes: #565460).
Checksums-Sha1: 
 12d9be36b82db10c8021602315a652ba6c7afe28 1850 aprsd_2.2.5-13-5.2.dsc
 e3da35235a064656106e99d28ea87e29f977be4e 54122 aprsd_2.2.5-13-5.2.diff.gz
 fcf07771fed8beec896b8089f53c01573a4c3e91 148158 aprsd_2.2.5-13-5.2_amd64.deb
Checksums-Sha256: 
 07060d475a6892a4e666e514d0620bfbdf0e1784f2ebd78b6390b9b3743db78f 1850 aprsd_2.2.5-13-5.2.dsc
 1d41b88ed139afd8b72f3e4c4743d9a52462e2b8108dc69d0848a36c3de0de30 54122 aprsd_2.2.5-13-5.2.diff.gz
 5abe78c2b80c1feab750af61b3b127a5a032844501c9dbd9f0ebef5cebf8266a 148158 aprsd_2.2.5-13-5.2_amd64.deb
Files: 
 5e0adc84d73767129e5176b7f1834276 1850 hamradio optional aprsd_2.2.5-13-5.2.dsc
 b474520626b9835106f45820596b0d6f 54122 hamradio optional aprsd_2.2.5-13-5.2.diff.gz
 12ae6a8df39511712a88efe298323e55 148158 hamradio optional aprsd_2.2.5-13-5.2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJP1fLAAAoJEDNV9NY7WCHM610P/i/M1N6egUdZqtofGPkg6fOX
+oCwkJB7e+YxQLVgesNp1ckYqKnk3xUy/Z1WqL9sNfoax3ajq5rU6C4wFgMj6iWT
58UWSxCu8Z7kLfUnXRFWhcWQiiwniQbhNZhoiSL6B+t8QqCwrHVVak4IZgKWF2fs
kqHm8KCPyYq6kagzn1JwWWKCpgj20JTMcfBuMJwbt/V3YjdIXiUpuBMod0hi0pr/
fBP6M+5cPhYgHPnqgFnidvgFHddMpgzAZS3yZlu1XVrZH2+uXfkCI60sy0Q+ee8R
SD4EXT3LrHRyHITUomjwaaFIQzsrgbcEpTNfLKEuLlmLl5dniYbXI0Cx+b8RLNoi
nyvpmlHq0YvCoJmp4/wRbV3ipkNmR/rcr1mBbuWFLy4uiIciYrBOPPNKTjaPLAIJ
ZSqw5m0qLwIUux3JHehOGu+nOnn8lHlmlSEOilpTUl5qb15NbhpLH14PM4ygGyGD
2/RhSqoqlAJTdG73KM9NA7RbOBbgZvu1GtRDv+GlLmzIOqAP4JuQgTpOI2Z6f/Bi
X+J6hwH87KS+0x3cpFbk6X2IvAwRofWxY73hVGSntxgFlHG5ZqdAepPBgUlfSgA8
Cq9w3bwniVzkxPIZ3ouaXQ3yAkLsYi7x35UtFVUydLIv6hMIisz0AvhQM2iuJp5h
6v8zgdN6lSyEN/uR9gvT
=TL3S
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: