Package: rssh
Version: 2.2.3-3
Severity: normal
Tags: patch

The log_msg() function in log.c can traverse the same va_list twice
without first va_end()ing and va_start()ing.  This causes a segfault on
amd64 - I don't know how it affects other archs.  To reproduce, set up a
chroot user in rssh.conf and log into it using sftp.  The log_msg() call
at main.c:255 will trigger it.

The following patch fixes the problem.

--- rssh-2.2.3.orig/log.c
+++ rssh-2.2.3/log.c
@@ -171,6 +171,8 @@
                                "Could not allocate mem in log_msg(),
log.c");
                        exit(1);
                }
+               va_end( arglist );
+               va_start( arglist, msg );
                vsnprintf( format_temp, retc + 1, msg, arglist );
        }
        /* if retc == -1, we must be compiled under pre-C99 libc */
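Review bot: the restart in front of the second vsnprintf() needs a short comment saying why it is there; `va_end( arglist ); va_start( arglist, msg );` reads like a no-op to anyone who does not know that a v*printf call leaves the list it was given unusable. The `retc + 1` size suggests arglist was already walked once to obtain retc, so restarting before this call is the right fix. Where C99 can be assumed, giving the sizing pass its own va_copy() and leaving arglist untouched for this call would avoid the end/start pair. Also confirm that log_msg() still ends with exactly one va_end() matching the last va_start().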
@@ -183,6 +185,8 @@
                        exit(1);
                }
                memset( format_temp, 0, length );
+               va_end( arglist );
+               va_start( arglist, msg );
                retc = vsnprintf( format_temp, length, msg, arglist );
        }
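Review bot: the same two-line restart is repeated here without explanation, in the branch that the comment above labels as the pre-C99 libc case. va_copy() cannot be assumed in that case, so the va_end()/va_start() pair is the portable choice; a comment saying so would stop it from being "simplified" to va_copy() later. If this block is re-entered with a larger length, each attempt needs a fresh list, so keep the restart directly in front of `retc = vsnprintf( format_temp, length, msg, arglist );` as done here.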


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages rssh depends on:
ii  debconf [debconf-2.0]         1.4.59     Debian configuration management sy
ii  openssh-server                1:4.2p1-5  Secure shell server, an rshd repla

rssh recommends no packages.

-- debconf-show failed
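The double traversal described in the report, written with `va_copy` instead of the patch's `va_end`/`va_start` restart. This is an added example, not part of the original report or of rssh; `vformat_alloc` and `format_alloc` are hypothetical names, and a C99 libc is assumed, where `vsnprintf(NULL, 0, ...)` returns the required length.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not rssh's log_msg(): format into a heap buffer
 * with two vsnprintf() passes, each walking its own va_list. */
static char *vformat_alloc(const char *msg, va_list ap)
{
    va_list sizing;

    /* Pass 1: measure on a copy. After a v*printf() call the list it was
     * given is indeterminate, so 'ap' must not be the one consumed here. */
    va_copy(sizing, ap);
    int need = vsnprintf(NULL, 0, msg, sizing);
    va_end(sizing);
    if (need < 0)
        return NULL;

    char *buf = malloc((size_t)need + 1);
    if (buf == NULL)
        return NULL;

    /* Pass 2: format with the original, still unconsumed list. */
    if (vsnprintf(buf, (size_t)need + 1, msg, ap) != need) {
        free(buf);
        return NULL;
    }
    return buf;
}

/* Variadic front end shaped like a logging call. */
static char *format_alloc(const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    char *out = vformat_alloc(msg, ap);
    va_end(ap);
    return out;
}

int main(void)
{
    /* Constructed sample message, not rssh output. */
    char *s = format_alloc("user %s uid %d: %s", "alice", 1001, "ok");
    if (s == NULL)
        return 1;
    printf("%s (%zu bytes)\n", s, strlen(s));
    free(s);
    return 0;
}
```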

