Your message dated Wed, 9 Nov 2011 21:32:57 +0100
with message-id <[email protected]>
and subject line Re: Bug#648183: libwrap0: long lines in /etc/hosts.allow cause
infinite loop
has caused the Debian Bug report #648183,
regarding libwrap0: long lines in /etc/hosts.allow cause infinite loop
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
648183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648183
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libwrap0
Version: 7.6.q-19
Severity: grave
Tags: patch
Justification: renders package unusable
Hi,
If a line is more than 2047 bytes long (after backslash removal) in
/etc/hosts.allow, libwrap0 will enter an infinite loop. This happened to us,
rendering the entire system pretty much unusable since sshd would not accept
any new connections, eventually having a ton of child sshd instances burning
CPU.
I've attached a patch that will properly truncate the line; it's a bit silly
to have a limit at all, but as I believe this fix would be proper for stable
and a line-limit breaker won't, I'll file that as a separate bug.
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libwrap0 depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
Versions of packages libwrap0 recommends:
ii tcpd 7.6.q-19 Wietse Venema's TCP wrapper utilit
libwrap0 suggests no packages.
-- no debconf information
Description: Fix an off-by-one causing infinite loop in xgets().
When a line becomes too long for the given buffer, fgets() will truncate it,
but it will still leave one byte free for the trailing zero.
This causes xgets() to try fread() calls with a length parameter of one,
which succeeds in reading zero bytes (n-1), causing an infinite loop.
The fix is simple: Check that we have space for more than just the zero
byte before we fgets().
Author: Steinar H. Gunderson <[email protected]>
Last-Update: 2011-11-09
--- tcp-wrappers-7.6.q.orig/misc.c
+++ tcp-wrappers-7.6.q/misc.c
@@ -33,7 +33,7 @@ FILE *fp;
int got;
char *start = ptr;
- while (fgets(ptr, len, fp)) {
+ while (len > 1 && fgets(ptr, len, fp)) {
got = strlen(ptr);
if (got >= 1 && ptr[got - 1] == '\n') {
tcpd_context.line++;
--- End Message ---
--- Begin Message ---
Version: 7.6.q-20
On Nov 09, "Steinar H. Gunderson" <[email protected]> wrote:
> If a line is more than 2047 bytes long (after backslash removal) in
> /etc/hosts.allow, libwrap0 will enter an infinite loop. This happened to us,
7.6.q-20 already has a similar fix.
I do not think that this bug justifies a stable upload, since AFAIK it
has been present forever.
--
ciao,
Marco
signature.asc
Description: Digital signature
--- End Message ---
