Package: cfengine2
Version: 2.1.15-1.0.1
Severity: grave
Justification: renders package unusable

Hi,

We're using cfengine2 over IPv6, and since 2.1.15-1.0.1 (which was
rebuilt against libssl 0.9.7; 2.1.15-1.0 works), we've had odd problems
with authentication. More specifically, the machine identifies itself
with the wrong IPv6 address; some nibbles are switched with 1c00:0000.
Note the following behaviour from strace of cfagent:

  socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
  connect(3, {sa_family=AF_INET6, sin6_port=htons(5308), inet_pton(AF_INET6, "2001:700:300:dc0f::1919", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
  getsockname(3, {sa_family=AF_INET6, sin6_port=htons(32770), inet_pton(AF_INET6, "2001:700:300:dc0f:213:d4ff:fe9c:7d3d", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0

At this point, getsockname() returns the correct IPv6 address. Then,
time passes, but nothing is done with fd 3, until:

  getsockname(3, {sa_family=AF_INET6, sin6_port=htons(58321), inet_pton(AF_INET6, "2001:700:300:dc0f:1c00:0:fe9c:7d3d", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0

Note that the middle part of the address suddenly is mangled, and this
breaks authentication, so cfengine becomes completely useless (since
authentication fails). My guess here is that something overwrites random
memory, causing corruption to something internal to glibc.

Switching kernels (2.6.8 / 2.6.12 / 2.6.13) doesn't help, and
downgrading libc6 to the version in etch doesn't either. nscd is off.

This is broken in exactly the same way on multiple machines, although a
few seem to survive... in any case, downgrading cfengine to the version
in etch (2.1.15-1) solves the problem.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-k7
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)

Versions of packages cfengine2 depends on:
ii  debconf                       1.4.58     Debian configuration management sy
ii  debianutils                   2.15       Miscellaneous utilities specific t
ii  libc6                         2.3.5-7    GNU C Library: Shared libraries an
ii  libdb4.2                      4.2.52-20  Berkeley v4.2 Database Libraries [
ii  libssl0.9.8                   0.9.8-3    SSL shared libraries
ii  perl                          5.8.7-6    Larry Wall's Practical Extraction 

cfengine2 recommends no packages.

-- debconf-show failed

