On Fri, May 03, 2013 at 03:23:11PM +1200, Michael Hudson-Doyle wrote:
> Package: siege
> Version: 2.70-4
> Severity: important
> Tags: upstream
>
> Dear Maintainer,
>
> This bug is still in the upstream 3.0.0 release.
>
> This code from newsocket in sock.c:
>
> int herrno;
> struct sockaddr_in cli;
> struct hostent *hp;
> ...
> {
> struct hostent hent;
> char hbf[8192];
> memset(hbf, '\0', sizeof hbf);
> /* for systems using GNU libc */
> if((gethostbyname_r(hostparam, &hent, hbf, sizeof(hbf), &hp, &herrno) <
> 0)){
> hp = NULL;
> }
> }
> if(hp == NULL){ return -1; }
> memset((void*) &cli, 0, sizeof(cli));
> memcpy(&cli.sin_addr, hp->h_addr, hp->h_length);
>
> invokes undefined behaviour because gethostbyname_r points hp at the 'hent'
> automatic variable but hp is used after the execution of the scope that
> declared it, in violation of section 6.2.4 of the C99 standard.
>
> The particular undefined behaviour I see is that cli.sin_addr ends up being
> all
> bits 0, and so the connection goes to localhost.
>
> I've emailed the upstream author about this.
>
> I admit that I have not verified that the bug manifests on Debian, only
> Ubuntu.
> But the bug in the code is definitely there.
>
> Cheers,
> mwh
Hello Michael,
thanks for reporting the problem, please, if possible, let me now if
you get an answer from upstream (He is usually very responsive).
I have tried to reproduce the bug, but it seems that in Debian Sid
(using Amd64 architecture) cli.sin_addr is getting the right value.
--
Josué M. Abarca S.
Vos mereces Software Libre.
PGP key 4096R/70D8FB2A 2009-06-17
Huella de clave = B3ED 4984 F65A 9AE0 6511 DAF4 756B EB4B 70D8 FB2A
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]