Bug 190822 - cfengine 2.1.20 buffer overflow when using ipv6
cfengine 2.1.20 buffer overflow when using ipv6
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: cfengine (Show other bugs)
5
All Linux
medium Severity high
: ---
: ---
Assigned To: Jeff Sheltren
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-05 11:10 EDT by Martin Wyser
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.1.20-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-14 17:17:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch (changes to file item.c only) to rebuild the rpm (849 bytes, patch)
2006-05-05 11:10 EDT, Martin Wyser
no flags Details | Diff

  None (edit)
Description Martin Wyser 2006-05-05 11:10:34 EDT
Description of problem: cfengine 2.1.20 has a buffer overflow problem related to
IP V6 interfaces and certain constructs in the configuration files of cfengine
itself.  The problem gets detected by the stack-protector feature of gcc 4.1.
Details below, have reported problem, it is fixed upstream.


Version-Release number of selected component (if applicable): 2.1.20-1.fc5


How reproducible:


Steps to Reproduce:
1. Install cfengine.
2. Into /var/cfengine/inputs/cfagent.conf, put a classes: x = (
IPRange(10.0.0.1-3) )
3. Make sure you machine has an IPv6 interface
4. cfagent --no-splay -v
  
Actual results: Stack smashing detected: cfagent terminated

Expected results: Complete run of cfengine


Additional info: The bug is a buffer overflow problem, where a (long) IPv6
address does not fit into a buffer set to be too small.  The problem was fixed
by Mark Burgess with revision 240 of file item.c.  The isolated diff to revision
207 of item.c is attached as a patch, I have rebuilt the package, installed and
verified successfully.
The patch contains only changes to item.c between revisions 207 and 240.
The problem is somewhat urgent as cfengine in a non-trivial setup will not run.
For my upstream bug report, see
http://cfengine.org/pipermail/bug-cfengine/2006-April/000011.html
Comment 1 Martin Wyser 2006-05-05 11:10:35 EDT
Created attachment 128658 [details]
patch (changes to file item.c only) to rebuild the rpm
Comment 2 Jeff Sheltren 2006-05-05 11:20:25 EDT
Martin, thanks for the patch.  I will work on updated packages shortly.
Comment 3 Jeff Sheltren 2007-03-14 17:17:44 EDT
Sorry - I never closed this when I pushed out the updated packages.  This was
fixed in 2.1.20-3.

Note You need to log in before you can comment on or make changes to this bug.