Red Hat Bugzilla – Bug 847888
CNTLM : buffer overflow on socket.c
Last modified: 2013-09-04 21:34:03 EDT
Created attachment 604101 [details]
Patchfile that solve the problem
Description of problem:
I found a buffer overflow on so_resolv() function, at socket.c source file.
I opened a ticket on bugtraq from SourceForge (https://sourceforge.net/tracker/?func=detail&aid=3556189&group_id=197861&atid=963162), but it may take a long time to generate a new version, so I'm opening here too
I have to fix (patachfile attached): just replace the line...
memcpy(host, &ad->sin_addr, p->ai_addrlen);
memcpy(host, &ad->sin_addr, sizeof(struct in_addr));
Version-Release number of selected component:
1. add the "-g" parameter on MYFLAGS variable at cntlm-0.92-Makefile.patch
2. rebuild the RPM and install it
3. add several "Listen" clauses with IP:PORT on /etc/cntlm.conf
4. start cntlm service
5. run "netstat -atnp": CNTLM does open a different port from specified on /etc/cntlm.conf (caused by memory corruption)
1. add these lines on socket.c before the "memcpy(host, &ad->sin_addr, p->ai_addrlen);" line:
printf("so_resolv() : sizeof(*host) = %u\n", sizeof(*host));
printf("so_resolv() : sizeof(struct in_addr) = %u\n", sizeof(struct in_addr));
printf("so_resolv() : p->ai_addrlen = %u\n", p->ai_addrlen);
2. start cntlm service and look to displayed messages
My Sourceforge ticker was answered: this bug already corrected on current (0.92.3) release of cntlm.
Do you can update the package? If you have no time, I can try do it...
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '17'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 17's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 17 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged change the
'version' to a later Fedora version prior to Fedora 17's end of life.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
I had no answer to comment 1, and despite this bug has been fixed in 0.92.3 version, the CNTLM Fedora package remains on 0.92 version.
The bug persists on Fedora 19: please update package to current version to solve this problem.
fmartins - if you'd care to become package maintainer for cntlm, I'd be more than happy to hand it over to you. Please advise.
The stack-protector=strong changes in F20+ now cause cntlm to be terminated (*** stack smashing detected ***). Since I use this, I'm happy to take over maintainership if desired. I've started by requesting commit ACLs.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
cntlm-0.92.3-1.fc19 has been submitted as an update for Fedora 19.
cntlm-0.92.3-1.fc18 has been submitted as an update for Fedora 18.
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing cntlm-0.92.3-1.fc18'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
cntlm-0.92.3-2.fc18 has been submitted as an update for Fedora 18.
cntlm-0.92.3-2.fc19 has been submitted as an update for Fedora 19.
cntlm-0.92.3-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
cntlm-0.92.3-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.