Bug 847888 - CNTLM : buffer overflow on socket.c
CNTLM : buffer overflow on socket.c
Product: Fedora
Classification: Fedora
Component: cntlm (Show other bugs)
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: Sandro Mani
Fedora Extras Quality Assurance
Depends On:
Blocks: 847892
  Show dependency treegraph
Reported: 2012-08-13 18:17 EDT by Fabiano Martins
Modified: 2013-09-04 21:34 EDT (History)
4 users (show)

See Also:
Fixed In Version: cntlm-0.92.3-2.fc18
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-09-04 21:31:53 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patchfile that solve the problem (381 bytes, patch)
2012-08-13 18:17 EDT, Fabiano Martins
no flags Details | Diff

  None (edit)
Description Fabiano Martins 2012-08-13 18:17:24 EDT
Created attachment 604101 [details]
Patchfile that solve the problem

Description of problem:

I found a buffer overflow on so_resolv() function, at socket.c source file.

I opened a ticket on bugtraq from SourceForge (https://sourceforge.net/tracker/?func=detail&aid=3556189&group_id=197861&atid=963162), but it may take a long time to generate a new version, so I'm opening here too

I have to fix (patachfile attached): just replace the line...
memcpy(host, &ad->sin_addr, p->ai_addrlen);
memcpy(host, &ad->sin_addr, sizeof(struct in_addr));


Version-Release number of selected component:


How reproducible:

form one:
1. add the "-g" parameter on MYFLAGS variable at cntlm-0.92-Makefile.patch
2. rebuild the RPM and install it
3. add several "Listen" clauses with IP:PORT on /etc/cntlm.conf
4. start cntlm service
5. run "netstat -atnp": CNTLM does open a different port from specified on /etc/cntlm.conf (caused by memory corruption)

form two:
1. add these lines on socket.c before the "memcpy(host, &ad->sin_addr, p->ai_addrlen);" line:
printf("so_resolv() : sizeof(*host) = %u\n", sizeof(*host));
printf("so_resolv() : sizeof(struct in_addr) = %u\n", sizeof(struct in_addr));
printf("so_resolv() : p->ai_addrlen = %u\n", p->ai_addrlen);
2. start cntlm service and look to displayed messages
Comment 1 Fabiano Martins 2012-08-20 10:24:52 EDT
My Sourceforge ticker was answered: this bug already corrected on current (0.92.3) release of cntlm.

Do you can update the package? If you have no time, I can try do it...
Comment 2 Fedora End Of Life 2013-07-03 20:11:07 EDT
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 3 Fabiano Martins 2013-07-04 13:08:16 EDT
I had no answer to comment 1, and despite this bug has been fixed in 0.92.3 version, the CNTLM Fedora package remains on 0.92 version.

The bug persists on Fedora 19: please update package to current version to solve this problem.
Comment 4 Matt Domsch 2013-07-05 13:11:31 EDT
fmartins - if you'd care to become package maintainer for cntlm, I'd be more than happy to hand it over to you.  Please advise.
Comment 5 Sandro Mani 2013-08-08 08:39:14 EDT
The stack-protector=strong changes in F20+ now cause cntlm to be terminated (*** stack smashing detected ***). Since I use this, I'm happy to take over maintainership if desired. I've started by requesting commit ACLs.
Comment 6 Sandro Mani 2013-08-22 06:00:53 EDT
Comment 7 Fedora Admin XMLRPC Client 2013-08-22 08:09:38 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 8 Fedora Update System 2013-08-22 10:34:54 EDT
cntlm-0.92.3-1.fc19 has been submitted as an update for Fedora 19.
Comment 9 Fedora Update System 2013-08-22 10:35:50 EDT
cntlm-0.92.3-1.fc18 has been submitted as an update for Fedora 18.
Comment 10 Fedora Update System 2013-08-22 20:28:34 EDT
Package cntlm-0.92.3-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing cntlm-0.92.3-1.fc18'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 11 Fedora Update System 2013-08-26 17:13:20 EDT
cntlm-0.92.3-2.fc18 has been submitted as an update for Fedora 18.
Comment 12 Fedora Update System 2013-08-26 17:14:16 EDT
cntlm-0.92.3-2.fc19 has been submitted as an update for Fedora 19.
Comment 13 Fedora Update System 2013-09-04 21:31:53 EDT
cntlm-0.92.3-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2013-09-04 21:34:03 EDT
cntlm-0.92.3-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.