| Summary: | Segmentation fault due to buffer overrun in the adnsresfilter program from the adns-progs package | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Paul Blankenbaker <paul.blankenbaker> |
| Component: | adns | Assignee: | Adam Tkac <atkac> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Priority: | unspecified |
| Version: | 15 | CC: | atkac, byte, ovasik, rvokal |
| Hardware: | i686 | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2012-06-02 03:55:33 UTC |
Your patch is correct, thanks for it. Currently I'm going to patch only Fedora 17 and rawhide, please let me know if you would like to have the patch also in older distributions.

adns-1.4-12.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/adns-1.4-12.fc17

Package adns-1.4-12.fc17:

* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.

Update it with:

    # su -c 'yum update --enablerepo=updates-testing adns-1.4-12.fc17'

as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-8240/adns-1.4-12.fc17
then log in and leave karma (feedback).

adns-1.4-12.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 542548
Patch for RPM build of adns-1.4.tar.gz to fix error in adnsresfilter.c

Description of problem:

The adnsresfilter program will core dump on 32 bit Fedora 15 when run with the "--brackets" option and fed an IP address of 15 characters enclosed in brackets.

Version-Release number of selected component (if applicable):

How reproducible:

Always reproducible

Steps to Reproduce:

1. Boot Fedora 15 (32 bit)
2. Install adns-progs package

       yum install adns-progs

3. Feed a string containing a 15 character IP address within brackets into the adnsresfilter program with the --brackets option:

       echo "[255.255.255.255]" | adnsresfilter --unchecked --timeout 1000 --brackets

Actual results:

    [root@probe-p3p1 ~]# echo "[255.255.255.255]" | adnsresfilter --unchecked --timeout 1000 --brackets
    Segmentation fault
    [root@probe-p3p1 ~]#

Expected results:

    [root@dev15-32 ~]# echo "[255.255.255.255]" | adnsresfilter --unchecked --timeout 1000 --brackets
    [255.255.255.255]
    [root@dev15-32 ~]#

Additional info:

This appears to be a buffer overrun issue in the "client/adnsresfilter.c" source file. The addrtextbuf buffer is used to hold the IP address (and bracket characters) and is declared as:

    static char addrtextbuf[14];

However, an IP address like 255.255.255.255 is 15 characters long. When you add brackets it becomes 17 characters long. I fixed the segmentation fault in my local build by allocating 18 bytes (in case a null string terminator might be appended somewhere in the code). Hence to avoid the segmentation fault, I changed the above declaration to:

    static char addrtextbuf[18];

I've attached the "patch" file I created to apply this patch to build my own version of the RPM
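
The sizing arithmetic from the report, with a bounds-checked append, as an added example; this is not code from adns or from the attached patch. The names `addrbuf`, `addrbuf_put` and `scan_bracketed` are hypothetical, and the parsing is a simplified stand-in for what adnsresfilter does with `--brackets`.

```c
#include <stddef.h>
#include <string.h>

/* Worst case the report describes: '[' + "255.255.255.255" + ']' */
#define QUAD_MAX      (4 * 3 + 3)        /* 15 characters */
#define BRACKETED_MAX (QUAD_MAX + 2)     /* 17 characters; a 14-byte buffer cannot hold this */

struct addrbuf {                         /* hypothetical helper type */
    char   text[BRACKETED_MAX + 1];      /* 18 bytes: room for the NUL */
    size_t len;
};

/* Append one character, refusing instead of writing past the end. */
static int addrbuf_put(struct addrbuf *b, char c)
{
    if (b->len + 1 >= sizeof b->text)
        return -1;
    b->text[b->len++] = c;
    b->text[b->len] = '\0';
    return 0;
}

/* Copy a leading "[a.b.c.d]" token into out: 1 if well formed, else 0; never overruns. */
static int scan_bracketed(const char *in, struct addrbuf *out)
{
    int octets = 0, digits = 0, value = 0;
    out->len = 0;
    out->text[0] = '\0';
    if (*in != '[' || addrbuf_put(out, *in++) < 0)
        return 0;
    for (;; in++) {
        if (*in >= '0' && *in <= '9') {
            value = value * 10 + (*in - '0');
            if (++digits > 3 || value > 255)
                return 0;
        } else if ((*in == '.' || *in == ']') && digits > 0) {
            octets++;
            digits = value = 0;
        } else {
            return 0;                    /* includes the end of the string */
        }
        if (addrbuf_put(out, *in) < 0)
            return 0;                    /* longer than any valid address */
        if (*in == ']')
            return octets == 4;
    }
}
```

Deriving the buffer size from the longest valid input and checking every append means an over-long token is rejected rather than written past the array.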