Description of problem: authd incorrectly assumes that the "tm->when" field in /proc/net/tcp* is limited to a 32-bit value, and fails when that value exceeds UINT_MAX. Version-Release number of selected component (if applicable): 1.4.3-9 How reproducible: Always. Steps to Reproduce: On an FC6 x86_64 bit machine in multiuser mode: 1. ssh localhost 2. set -- $SSH_CONNECTION 3. yes $2,$4 | /usr/sbin/in.authd -d -m Actual results: local_address =(null):D15D rem_address =(null):0016 /proc/net/tcp =sl:7 uid:500 inode:37274 53597 , 22 : USERID : UNIX :rugolsky [ ... repeated potentially a few hundred times ... ] local_address =(null):D15D rem_address =(null):0016 /proc/net/tcp:2: 0: 0100007F:1F40 00000000:0000 0A 00000000:00000000 00:1AD7F29ABCA 00000000 0 0 10222 1 ffff81006e767800 3000 0 0 2 -1 /proc/net/tcp =sl:7 uid:500 inode:37274 53597 , 22 : ERROR :rugolsky Expected results: Endless repeating pattern of output, without error. Additional info: This problem currently only occurs when running a 64-bit kernel, with either 64-bit or 32-bit authd. I worked around it by creating a get_tok_ullong() function to mirror the behavior of get_tok_uint(), but that's not really necessary. The code is quite crufty, and could use a cleanup pass to iron out the use of various integer sizes. The offending lines in authd.c are: 350 static unsigned long get_tok_uint(char *s, unsigned base) { 351 unsigned long ul = ULONG_MAX; 352 353 assert(base <= 36); 354 if ((s = strtok(s, DELIM)) != NULL) { 355 char *endptr; 356 357 ul = strtoul(s, &endptr, (int) base); 358 if (ul > UINT_MAX || is_bad_strto(s, endptr)) 359 errno = EINVAL; 360 } 361 else errno = EINVAL; 362 return ul; 363 } and 657 (void) get_tok_uint(NULL, 16); // tm->when (unit: jiffies)
Created attachment 151088 [details] simple-minded workaround for parse failure
Thanks for patch and sorry for long delay. Fedora 6 is EOL, changing version to rawhide. Fixed in rawhide, authd-1.4.3-13.x86_64.rpm.