
Bug#861800: unblock: hydra/8.3-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Please unblock package hydra.  The updated package fixes a problem
observed on amd64: Restoring a session using `hydra -R` will sometimes
cause all forked processes to die with a "double free or corruption"
error.

The newly included patch (also merged by upstream) allocates the
required size to store pointers (which is not generally sizeof(int))
correctly, fixing the bug described above.  The patch is quite small
(only changes three lines) and fixes Debian bug #861058 which has
severity important.  The upload also includes a minor update to the man
page.

The changelog entry is:

hydra (8.3-3) unstable; urgency=medium

  * Team upload.

  [ Gianfranco Costamagna ]
  * Fix newline in manpage (Closes: #853807)

  [ Lukas Schwaighofer ]
  * Allocate required pointer size correctly.  This fixes an issue with
    session restore (`hydra -R`) causing the forked hydra processes to die
    with a "double free or corruption" error. (Closes: #861058)

 -- Lukas Schwaighofer <lukas@schwaighofer.name>  Wed, 03 May 2017 19:06:30 +0200

The source debdiff between the versions 8.3-2 and 8.3-3 is attached.

Thank you
Lukas Schwaighofer


unblock hydra/8.3-3
diff -Nru hydra-8.3/debian/changelog hydra-8.3/debian/changelog
--- hydra-8.3/debian/changelog	2016-11-27 17:17:26.000000000 +0100
+++ hydra-8.3/debian/changelog	2017-05-03 20:47:26.000000000 +0200
@@ -1,3 +1,17 @@
+hydra (8.3-3) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Gianfranco Costamagna ]
+  * Fix newline in manpage (Closes: #853807)
+
+  [ Lukas Schwaighofer ]
+  * Allocate required pointer size correctly.  This fixes an issue with
+    session restore (`hydra -R`) causing the forked hydra processes to die
+    with a "double free or corruption" error. (Closes: #861058)
+
+ -- Lukas Schwaighofer <lukas@schwaighofer.name>  Wed, 03 May 2017 19:06:30 +0200
+
 hydra (8.3-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru hydra-8.3/debian/patches/10_fix_typos_in_manpage.diff hydra-8.3/debian/patches/10_fix_typos_in_manpage.diff
--- hydra-8.3/debian/patches/10_fix_typos_in_manpage.diff	2016-11-27 17:17:26.000000000 +0100
+++ hydra-8.3/debian/patches/10_fix_typos_in_manpage.diff	2017-04-26 00:38:31.000000000 +0200
@@ -1,5 +1,6 @@
 Description: Fix typos in manpage
-Forwarded: no
+Forwarded: https://github.com/vanhauser-thc/thc-hydra/pull/188
+           https://github.com/vanhauser-thc/thc-hydra/pull/187
 Author: Daniel Echeverry <epsilon77@gmail.com>
 Last-Update: 2016-06-16
 --- a/xhydra.1
diff -Nru hydra-8.3/debian/patches/11_fix_man_typo.patch hydra-8.3/debian/patches/11_fix_man_typo.patch
--- hydra-8.3/debian/patches/11_fix_man_typo.patch	1970-01-01 01:00:00.000000000 +0100
+++ hydra-8.3/debian/patches/11_fix_man_typo.patch	2017-04-26 00:38:31.000000000 +0200
@@ -0,0 +1,16 @@
+Description: Fix typo preventiing -d from being correctly displayed
+Author: Gianfranco Costamagna <locutusofborg@debian.org>
+Bug-Debian: https://bugs.debian.org/853807
+
+Forwarded: https://github.com/vanhauser-thc/thc-hydra/pull/186
+
+--- hydra-8.3.orig/hydra.1
++++ hydra-8.3/hydra.1
+@@ -105,6 +105,7 @@ prefer IPv4 (default) or IPv6 addresses
+ .TP
+ .B \-v / \-V 
+ verbose mode / show login+pass combination for each attempt
++.TP
+ .B \-d
+ debug mode
+ .TP
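Review bot: The Description line of the new 11_fix_man_typo.patch misspells "preventing" as "preventiing"; this header text is what patch trackers display, so it is worth correcting before upload. The blank line between Bug-Debian and Forwarded also splits the header fields into two groups; keeping them contiguous would read more cleanly.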
diff -Nru hydra-8.3/debian/patches/12_allocate-pointer-size-correctly.path hydra-8.3/debian/patches/12_allocate-pointer-size-correctly.path
--- hydra-8.3/debian/patches/12_allocate-pointer-size-correctly.path	1970-01-01 01:00:00.000000000 +0100
+++ hydra-8.3/debian/patches/12_allocate-pointer-size-correctly.path	2017-05-03 20:47:26.000000000 +0200
@@ -0,0 +1,46 @@
+Author: Lukas Schwaighofer <lukas@schwaighofer.name>
+Date: Tue, 25 Apr 2017 23:31:39 +0200
+Description: do not assume that sizeof(int) is the same as the pointer size
+Bug: https://github.com/vanhauser-thc/thc-hydra/issues/27
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861058
+Forwarded: https://github.com/vanhauser-thc/thc-hydra/pull/209
+
+Allocate required pointer size correctly.  This fixes an issue with session
+restore (`hydra -R`) causing the forked hydra processes to die with a "double
+free or corruption" error.
+
+---
+ hydra.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hydra.c b/hydra.c
+index 0704f49..1a49d30 100644
+--- a/hydra.c
++++ b/hydra.c
+@@ -929,7 +929,7 @@ void hydra_restore_read() {
+   }
+   if (debug)
+     printf("[DEBUG] reading restore file: Step 11 complete\n");
+-  hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 16);
++  hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use);
+   for (j = 0; j < hydra_options.max_use; j++) {
+     hydra_heads[j] = malloc(sizeof(hydra_head));
+     fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f);
+@@ -3350,7 +3350,7 @@ int main(int argc, char *argv[]) {
+        if (tmpptr != NULL)
+          *tmpptr = 0;
+        countservers = hydra_brains.targets = 1;
+-       hydra_targets = malloc(sizeof(int) * 4);
++       hydra_targets = malloc(sizeof(hydra_target*) * 4);
+        hydra_targets[0] = malloc(sizeof(hydra_target));
+        memset(hydra_targets[0], 0, sizeof(hydra_target));
+        hydra_targets[0]->target = servers_ptr = hydra_options.server;
+@@ -3408,7 +3408,7 @@ int main(int argc, char *argv[]) {
+      }
+     } else {                    // standard: single target on command line
+       countservers = hydra_brains.targets = 1;
+-      hydra_targets = malloc(sizeof(int) * 4);
++      hydra_targets = malloc(sizeof(hydra_target*) * 4);
+       hydra_targets[0] = malloc(sizeof(hydra_target));
+       memset(hydra_targets[0], 0, sizeof(hydra_target));
+       hydra_targets[0]->target = servers_ptr = hydra_options.server;
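Review bot: In the hydra_restore_read() hunk the new size drops the old "+ 2" entries and "+ 16" bytes of slack, so hydra_heads now holds exactly hydra_options.max_use pointers; the loop shown stays within that bound, but any other code that indexes hydra_heads[max_use] or beyond would now be out of bounds and should be checked before relying on this size. In all three hunks the malloc() result is dereferenced on the following line without a NULL check, and the element type is still spelled by hand, which is how the original mismatch arose; writing the size as sizeof(*hydra_heads) and sizeof(*hydra_targets), or using calloc() with a count, would keep the allocation tied to the pointer's own type.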
diff -Nru hydra-8.3/debian/patches/series hydra-8.3/debian/patches/series
--- hydra-8.3/debian/patches/series	2016-11-27 17:17:26.000000000 +0100
+++ hydra-8.3/debian/patches/series	2017-05-03 20:47:26.000000000 +0200
@@ -8,3 +8,5 @@
 07_remove_troubled_files.diff
 08_fix_spelling_mistakes.diff
 10_fix_typos_in_manpage.diff
+11_fix_man_typo.patch
+12_allocate-pointer-size-correctly.path
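Review bot: The last added series entry, 12_allocate-pointer-size-correctly.path, ends in ".path" while the entry above it uses ".patch"; the name matches the file added earlier in this debdiff, so it will be applied, but renaming both the file and this entry to ".patch" would avoid it being overlooked by tools or people filtering on the extension.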

Attachment: pgpGvtdGpeqa4.pgp
Description: OpenPGP digital signature
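The sizing arithmetic behind the fix, as an added example that is not part of the original message or of hydra's code: it compares the pre-patch request for `hydra_heads` with the bytes the restore loop writes, for given int and pointer sizes, which shows why the failure appears only on some platforms and only for some values of `max_use`. The function names and the sample values are assumptions introduced here.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes the pre-patch hydra_restore_read() requested for hydra_heads:
 * (max_use + 2) * sizeof(int) + 16 */
static size_t old_heads_bytes(size_t max_use, size_t int_size) {
    return (max_use + 2) * int_size + 16;
}

/* Bytes the restore loop writes: one pointer per head, max_use heads. */
static size_t needed_heads_bytes(size_t max_use, size_t ptr_size) {
    return max_use * ptr_size;
}

/* Smallest max_use in 1..limit for which the old buffer is too small,
 * or 0 if it is large enough over the whole range. */
size_t first_overflowing_max_use(size_t int_size, size_t ptr_size,
                                 size_t limit) {
    for (size_t n = 1; n <= limit; n++)
        if (needed_heads_bytes(n, ptr_size) > old_heads_bytes(n, int_size))
            return n;
    return 0;
}

/* Hypothetical helper: size a pointer array from the pointer's own type.
 * calloc() zeroes the slots and fails cleanly if count * size overflows. */
void **alloc_ptr_array(size_t count) {
    void **arr = calloc(count, sizeof(*arr));
    return arr; /* NULL on failure; the caller must check */
}

int main(void) {
    /* Constructed sample sizes: 4-byte int with 8-byte or 4-byte pointers. */
    printf("int=4 ptr=8: first overflow at max_use=%zu\n",
           first_overflowing_max_use(4, 8, 64));
    printf("int=4 ptr=4: first overflow at max_use=%zu (0 = none)\n",
           first_overflowing_max_use(4, 4, 64));

    void **heads = alloc_ptr_array(16);
    if (heads == NULL)
        return 1;
    free(heads);
    return 0;
}
```

With 4-byte ints and 8-byte pointers the old request is 4n + 24 bytes against 8n needed, so the slack added by the old expression covers small values of `max_use` and larger ones write past the allocation.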

