Red Hat Bugzilla – Bug 190822
cfengine 2.1.20 buffer overflow when using ipv6
Last modified: 2007-11-30 17:11:32 EST
Description of problem: cfengine 2.1.20 has a buffer overflow problem related to IP V6 interfaces and certain constructs in the configuration files of cfengine itself. The problem gets detected by the stack-protector feature of gcc 4.1. Details below, have reported problem, it is fixed upstream. Version-Release number of selected component (if applicable): 2.1.20-1.fc5 How reproducible: Steps to Reproduce: 1. Install cfengine. 2. Into /var/cfengine/inputs/cfagent.conf, put a classes: x = ( IPRange(10.0.0.1-3) ) 3. Make sure you machine has an IPv6 interface 4. cfagent --no-splay -v Actual results: Stack smashing detected: cfagent terminated Expected results: Complete run of cfengine Additional info: The bug is a buffer overflow problem, where a (long) IPv6 address does not fit into a buffer set to be too small. The problem was fixed by Mark Burgess with revision 240 of file item.c. The isolated diff to revision 207 of item.c is attached as a patch, I have rebuilt the package, installed and verified successfully. The patch contains only changes to item.c between revisions 207 and 240. The problem is somewhat urgent as cfengine in a non-trivial setup will not run. For my upstream bug report, see http://cfengine.org/pipermail/bug-cfengine/2006-April/000011.html
Created attachment 128658 [details] patch (changes to file item.c only) to rebuild the rpm
Martin, thanks for the patch. I will work on updated packages shortly.
Sorry - I never closed this when I pushed out the updated packages. This was fixed in 2.1.20-3.