Your message dated Sat, 12 Feb 2011 21:32:15 +0000
with message-id <[email protected]>
and subject line Bug#606808: fixed in echoping 6.0.2-4
has caused the Debian Bug report #606808,
regarding echoping crashes sometimes when used against HTTPS host
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
606808: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: echoping
Version: 6.0.2-3
Severity: grave
Tags: security patch
Justification: user security hole

I use Smokeping to monitor a number of external hosts. echoping is
called by the EchoPingHttps Smokeping probe, and it crashes several times a
week, resulting in syslog errors like:

Dec 11 00:13:27 bor kernel: [49668.766339] echoping[17510]: segfault at 
767c858e ip 0804db39 sp bfea8710 error 4 in echoping[8048000+9000]

Hopefully, I found the source of this crash. I'm now running the patched
echoping binary to verify the fix, which is provided below. (Strictly
speaking, only the last change is required, but the former two improve
safety without causing any harm.)

--- echoping-6.0.2.orig/readline.c
+++ echoping-6.0.2/readline.c
@@ -139,7 +139,8 @@
        if (ln) {
                /* Empty buffer */
                if (buf_end == 0) {
-                       rc = gnutls_record_recv(session, TLS_buffer, maxlen);
+                       rc = gnutls_record_recv(session, TLS_buffer,
+                                               maxlen > MAXTOREAD ? MAXTOREAD 
: maxlen);
                        if (rc == -1)
                                return rc;
                        buf_end = rc;
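Review bot: In the empty-buffer branch, the unchanged check after the clamped call, `if (rc == -1)`, catches only one value, while gnutls_record_recv reports failures as negative GnuTLS error codes; any other negative result is stored by `buf_end = rc;`, and buf_end is later used as an offset (`TLS_buffer + buf_end`). Since the patch is about keeping reads inside TLS_buffer, test `rc < 0` here. The clamp `maxlen > MAXTOREAD ? MAXTOREAD : maxlen` is also repeated in the next hunk; computing it once in a local variable would keep the copies from drifting apart.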
@@ -148,13 +149,14 @@
                /* No more data in the buffer */
                else if (buf_ptr == buf_end) {
                        buf_ptr = 0;
-                       rc = gnutls_record_recv(session, TLS_buffer, maxlen);
+                       rc = gnutls_record_recv(session, TLS_buffer,
+                                               maxlen > MAXTOREAD ? MAXTOREAD 
: maxlen);
                        if (rc == -1)
                                return rc;
                        buf_end = rc;
                } else if (TLS_buffer[buf_end] != '\n') {
                        rc = gnutls_record_recv(session, TLS_buffer + buf_end,
-                                               maxlen);
+                                               maxlen > MAXTOREAD - buf_end ? 
MAXTOREAD - buf_end : maxlen);
                        if (rc == -1)
                                return rc;
                        buf_end = buf_end + rc;
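Review bot: The bound added to the third call, `MAXTOREAD - buf_end`, is correct only while buf_end is at most MAXTOREAD and TLS_buffer holds at least MAXTOREAD bytes, and neither the declaration nor such a check is visible in this hunk; please state that invariant in a comment or assert it before the call. When buf_end reaches MAXTOREAD the requested length becomes 0, so the caller needs to treat a zero return as "buffer full" rather than keep calling. The branch condition `TLS_buffer[buf_end] != '\n'` indexes the position just past the bytes received so far (buf_end is set from the byte count), which is worth a second look, and the `if (rc == -1)` checks in both branches should be `rc < 0` so that a negative error code is never assigned or added to buf_end.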


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages echoping depends on:
ii  libc6                         2.11.2-7   Embedded GNU C Library: Shared lib
ii  libgnutls26                   2.8.6-1    the GNU TLS library - runtime libr
ii  libidn11                      1.15-2     GNU Libidn library, implementation
ii  libldap-2.4-2                 2.4.23-7   OpenLDAP libraries
ii  libpopt0                      1.16-1     lib for parsing cmdline parameters

echoping recommends no packages.

echoping suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: echoping
Source-Version: 6.0.2-4

We believe that the bug you reported is fixed in the latest version of
echoping, which is due to be installed in the Debian FTP archive:

echoping_6.0.2-4.diff.gz
  to main/e/echoping/echoping_6.0.2-4.diff.gz
echoping_6.0.2-4.dsc
  to main/e/echoping/echoping_6.0.2-4.dsc
echoping_6.0.2-4_i386.deb
  to main/e/echoping/echoping_6.0.2-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dario Minnucci <[email protected]> (supplier of updated echoping package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 12 Feb 2011 22:14:24 +0100
Source: echoping
Binary: echoping
Architecture: source i386
Version: 6.0.2-4
Distribution: unstable
Urgency: low
Maintainer: Dario Minnucci <[email protected]>
Changed-By: Dario Minnucci <[email protected]>
Description: 
 echoping   - A small test tool for TCP servers
Closes: 606808
Changes: 
 echoping (6.0.2-4) unstable; urgency=low
 .
   * debian/control:
     - Maintainer email address updated.
     - Added Vcs-Git and Vcs-Browser
     - debhelper dependency updated to >= 7.0.50~
     - Added dependency on ${misc:Depends}
     - Bumped Standards-Version to 3.9.1:
       - Added debian/source/format file
   * debian/rules:
     - Using dh_prep instead of dh_clean -k
     - Also remove plugins/dir file.
   * debian/patches:
     - Created clean up changes in original sources
       - 00-fix-config.guess.dpatch
       - 00-fix-config.sub.dpatch
     - Add new patch: 03-fix-for-https-creashes.diff (Closes: #606808)
       Thanks to Dmitry Semyonov <[email protected]>
     - Added headers on existing patches (DEP3)
   * debian/copyright:
     - Added debian/* section

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---