
Bug#356858: marked as done (xdm chokes on null pointers in address structures returned by getifaddrs())



Your message dated Sat, 26 May 2007 14:15:11 +0200
with message-id <465824CF.7040605@ens-lyon.org>
and subject line Bug#356858: xdm chokes on null pointers in address structures returned by getifaddrs()
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: xdm
Version: 1:1.0.1-2
Tags: experimental

Hi,

xdm makes the presumption that the "ifa_addr" pointer member
of the ifaddrs structures returned by getifaddrs() is
always valid (i.e. non-NULL):

    731     Debug("DefineSelf\n");
    732     if (getifaddrs(&ifap) < 0) 
    733         return;
    734     for (ifr = ifap; ifr != NULL; ifr = ifr->ifa_next) {
>>> 735         len = sizeof(*(ifr->ifa_addr));
    736         family = ConvertAddr((XdmcpNetaddr)(ifr->ifa_addr), &len, &addr);

... which it isn't. A small test program shows that this
member may be NULL for point-to-point devices - this is the
data produced by getifaddrs() on my box (displaying ifa_addr
if non-NULL; globally visible addresses dotted for privacy):

Addr of eth0 (flags 0x1043): (Family 17) IFIndex 1
Addr of lo (flags 0x49): (Family 17) IFIndex 2
Addr of eth1 (flags 0x1003): (Family 17) IFIndex 3
Addr of sit0 (flags 0x80): (Family 17) IFIndex 4
Addr of tap0 (flags 0x1043): (Family 17) IFIndex 5
Addr of tap1 (flags 0x1043): (Family 17) IFIndex 6
Addr of ppp0 (flags 0x10d1): NULL
Addr of ppp1 (flags 0x10d1): NULL
Addr of ippp0 (flags 0xd1): NULL
Addr of lo (flags 0x49): (Family 2) Addr 0x0100007f Mask 0x000000ff
Addr of eth1 (flags 0x1003): (Family 2) Addr 0x3d40a8c0 Mask 0x00ffffff
Addr of tap0 (flags 0x1043): (Family 2) Addr 0x0120a8c0 Mask 0x00ffffff
Addr of tap1 (flags 0x1043): (Family 2) Addr 0x0121a8c0 Mask 0x00ffffff
Addr of ppp0 (flags 0x10d1): (Family 2) Addr 0x........ Mask 0xffffffff
Addr of ppp1 (flags 0x10d1): (Family 2) Addr 0x........ Mask 0xffffffff
Addr of ippp0 (flags 0xd1): (Family 2) Addr 0x........ Mask 0xffffffff
Addr of eth0 (flags 0x1043): (Family 10) Addr fe80000000000000................
Addr of lo (flags 0x49): (Family 10) Addr 0000000000000000................
Addr of tap0 (flags 0x1043): (Family 10) Addr fe80000000000000................
Addr of tap1 (flags 0x1043): (Family 10) Addr fe80000000000000................

For the sake of completion, here's an excerpt of xdm's debug output,
a few comments inserted:

[...]
source /usr/X11R6/lib/X11/xdm/Xstartup
StartSession /usr/X11R6/lib/X11/xdm/Xsession: /usr/X11R6/lib/X11/xdm/Xsession ;
DISPLAY=:0 HOME=/home/jcn LOGNAME=jcn USER=jcn PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games SHELL=/bin/bash
>>> fork(); the following messages originate from the child
User netname: unix.1000@(none)
getsecretkey returns 0, key length 0
Could not set secret key.
SetUserAuthorization
XauLockAuth /home/jcn/.Xauthority
Lock is 0
opens succeeded /home/jcn/.Xauthority /home/jcn/.Xauthority-n
openFiles failed
backup lock is 0
opens succeeded /tmp/.XauthTk38EO /tmp/.XauthTk38EO-n
2 authorization protocols for :0
writeLocalAuth: :0 MIT-MAGIC-COOKIE-1
setAuthNumber :0
setAuthNumber: 0
DefineSelf
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
>>> child SIGSEGV, parent continues
StartSession, fork succeeded 26437
Client Started
Source reset program /usr/X11R6/lib/X11/xdm/Xreset
source /usr/X11R6/lib/X11/xdm/Xreset
Shell script execution: /bin/sh (optarg (null))
RemoveUserAuthorization
XauLockAuth /home/jcn/.Xauthority
Lock is 0
opens succeeded /home/jcn/.Xauthority /home/jcn/.Xauthority-n
writeLocalAuth: :0 XDM-AUTHORIZATION-1
setAuthNumber :0
setAuthNumber: 0
DefineSelf
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
>>> parent SIGSEGV

Suggested code insertion:

735    if (!ifr->ifa_addr) continue;

Or is this a bug in libc6? A struct ifaddrs with a NULL ifa_addr
member is rather pointless...


Regards,

Jan

-- 
Jan C. Nordholz
<jckn At gmx net>


--- End Message ---
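
Added example, not part of the original report or of xdm's source: a getifaddrs()-style list walk with the NULL guard the report proposes, run over a constructed list in the order the debug output shows (family 17, then a NULL ifa_addr, then AF_INET). The names walk_stats, walk_ifaddrs and walk_constructed_sample are hypothetical.

```c
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

struct walk_stats {
    int usable;    /* entries carrying an AF_INET or AF_INET6 address */
    int null_addr; /* entries whose ifa_addr is NULL, skipped */
    int other;     /* entries of a family this walker does not handle */
};

/* Walk a getifaddrs()-style list, never dereferencing a NULL ifa_addr. */
static struct walk_stats walk_ifaddrs(const struct ifaddrs *list)
{
    struct walk_stats st = {0, 0, 0};
    for (const struct ifaddrs *ifr = list; ifr != NULL; ifr = ifr->ifa_next) {
        if (ifr->ifa_addr == NULL) { /* the guard suggested in the report */
            st.null_addr++;
            continue;
        }
        int fam = ifr->ifa_addr->sa_family;
        if (fam == AF_INET || fam == AF_INET6)
            st.usable++;
        else
            st.other++;
    }
    return st;
}

/* Constructed list (not captured data): family 17, NULL, AF_INET. */
static struct walk_stats walk_constructed_sample(void)
{
    static struct sockaddr link_sa;
    static struct sockaddr_in lo_sa;
    static struct ifaddrs eth0, ppp0, lo;
    link_sa.sa_family = 17; /* family number printed in the report */
    lo_sa.sin_family = AF_INET;
    eth0.ifa_name = (char *)"eth0"; eth0.ifa_addr = &link_sa; eth0.ifa_next = &ppp0;
    ppp0.ifa_name = (char *)"ppp0"; ppp0.ifa_addr = NULL; ppp0.ifa_next = &lo;
    lo.ifa_name = (char *)"lo"; lo.ifa_addr = (struct sockaddr *)&lo_sa; lo.ifa_next = NULL;
    return walk_ifaddrs(&eth0);
}

int main(void)
{
    struct walk_stats st = walk_constructed_sample();
    printf("usable=%d null=%d other=%d\n", st.usable, st.null_addr, st.other);
    return 0;
}
```

Without the guard, the walk would fault at the ppp0 entry and never reach the AF_INET entry behind it. The Linux getifaddrs(3) manual page states that ifa_addr may contain a null pointer.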
--- Begin Message ---
Version: 1:1.0.4-1

Closing since the problem disappeared according to the submitter of #356858.

Brice


--- End Message ---
