Bug#521260: iodined: segfaults when client connects

2009-04-26 Thread Albert Sellarès
Hi,

I just found the same bug while I was trying to connect to the iodined
from a Debian stable using the iodine client from the source code
(version 0.5.1).

I have seen in the code that it checks the version number, but it isn't
done correctly. I know that the last version of this code has solved
this issue, but the current version in Debian stable has this bug, and
it is very dangerous.

I attach a patch that solves the segmentation fault.

Greetings.
-- 
  Albert Sellarès        GPG id: 0x13053FFE
  http://www.wekk.net    wh...@jabber.org
  Linux User: 324456
diff -bBur a/iodined.c b/iodined.c
--- a/iodined.c	2008-08-06 22:26:36.0 +0200
+++ b/iodined.c	2009-04-26 12:55:55.0 +0200
@@ -189,7 +188,6 @@
 	   ((unpacked[3]  0xff)));
 		}
 
-		if (version == VERSION) {
 			userid = find_available_user();
 			if (userid = 0) {
 struct sockaddr_in *tempin;
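Review bot: removing the `if (version == VERSION)` guard here means `find_available_user()` runs, and a user slot is handed out, before the client's protocol version has been checked; a client speaking another version now takes a slot (and, if `find_available_user()` marks it active, can push later clients into the `VERSION_FULL` path in the next hunk) until that slot is reclaimed. A smaller change that keeps the existing ordering would be to leave this guard in place and instead stop the NACK path from passing `NULL` as the user. The surviving `userid = find_available_user();` block also keeps the indentation of the removed `if`, so re-indent it. Note the context lines as rendered here have lost characters in transit (`(unpacked[3]  0xff)` is missing its operator, `if (userid = 0)` reads as an assignment), so apply the patch from the signed attachment rather than from this copy.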
@@ -201,15 +199,16 @@
 
 memcpy((users[userid].q), q, sizeof(struct query));
 users[userid].encoder = get_base32_encoder();
+		if (version == VERSION) {
 send_version_response(dns_fd, VERSION_ACK, users[userid].seed, users[userid]);
+		} else {
+			send_version_response(dns_fd, VERSION_NACK, VERSION, users[userid]);
+		}
 users[userid].q.id = 0;
 			} else {
 /* No space for another user */
 send_version_response(dns_fd, VERSION_FULL, USERS, NULL);
 			}
-		} else {
-			send_version_response(dns_fd, VERSION_NACK, VERSION, NULL);
-		}
 	} else if(in[0] == 'L' || in[0] == 'l') {
 		read = unpack_data(unpacked, sizeof(unpacked), (in[1]), read - 1, b32);
 		/* Login phase, handle auth */
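Review bot: the `else` branch now sends `VERSION_NACK` with `users[userid]` in place of the `NULL` passed in the removed lines, which is presumably what stops the crash, but nothing releases the slot that `find_available_user()` handed out on the mismatch path, and `users[userid].q.id = 0;` runs for NACKed clients too. Either reset the slot in the `else` branch after the NACK is sent, or move the version comparison back ahead of `find_available_user()` and have `send_version_response()` take the query (`q`) rather than a user entry for the NACK and FULL cases, since both of those replies go to clients that have no user entry. Also, the `VERSION_FULL` call three lines below still passes `NULL`; if `send_version_response()` dereferences its user argument, that path keeps the same segfault and should be fixed in the same patch.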




Bug#521260: iodined: segfaults when client connects

2009-04-26 Thread gregor herrmann
On Sun, 26 Apr 2009 13:05:20 +0200, Albert Sellarès wrote:

> I have seen in the code that it checks the version number, but it isn't
> done correctly. I know that the last version of this code has solved
> this issue, but the current version in Debian stable has this bug, and
> it is very dangerous.
> I attach a patch that solves the segmentation fault.

Thanks for your mail and the patch!

I agree that this bug is annoying but I don't see it's a valid reason
for an update in stable (point releases for stable contain only
security relevant fixes and sometimes fixes for grave bugs).

In case you haven't seen it yet, I've created a backport of 5.1.2 for
lenny; it's available at http://backports.org/
May I suggest that you use this version?


Cheers,
gregor 
-- 
 .''`.   Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4
 : :' :  Debian GNU/Linux user, admin,  developer - http://www.debian.org/
 `. `'   Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
   `-NP: James Taylor: Country Road




Bug#521260: iodined: segfaults when client connects

2009-03-28 Thread gregor herrmann
On Fri, 27 Mar 2009 10:11:02 +0100, martin f krafft wrote:

> > My suspicion is that you are running an iodine 5.x client against
> > an iodined 4.x server -- is that true?
> Yes, good analysis. Silly that I didn't think of it. :)

:)
Well, it's not really obvious without clear documentation/error
messages.

> > * check if my suspicion with the protocol discrepancy is true?
> > * maybe try with a 5.x version on the server?
> Yeah, it works with a backport.

Great, thanks for checking!

> > I will add the note to README.Debian again, and I can also create a
> > backport package after the package I'm going to upload later hits
> > testing.
> Sweet, thanks,

I leave this bug open until the backported package is available. 

Cheers,
gregor 
-- 
 .''`.   Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4
 : :' :  Debian GNU/Linux user, admin,  developer - http://www.debian.org/
 `. `'   Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
   `-NP: JBO: Könige




Bug#521260: iodined: segfaults when client connects

2009-03-27 Thread martin f krafft
also sprach gregor herrmann gre...@debian.org [2009.03.26.1712 +0100]:
> My suspicion is that you are running an iodine 5.x client against
> an iodined 4.x server -- is that true?

Yes, good analysis. Silly that I didn't think of it. :)

> * check if my suspicion with the protocol discrepancy is true?
> * maybe try with a 5.x version on the server?

Yeah, it works with a backport.

> I will add the note to README.Debian again, and I can also create a
> backport package after the package I'm going to upload later hits
> testing.

Sweet, thanks,

-- 
 .''`.   martin f. krafft madd...@d.o  Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
the reason the mainstream is thought of as a stream
is because it is so shallow.




Bug#521260: iodined: segfaults when client connects

2009-03-26 Thread martin f krafft
Package: iodine
Version: 0.4.2-1
Severity: important

When iodined starts

  iodined -f -DDD -u iodine -t /var/run/iodine -P foo -l
  130.60.75.73 192.168.254.245 r.neokon.ch

and a client connects, iodined segfaults. strace is attached. I can
reproduce at will but don't really know what other info to provide
right now.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.28-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iodine depends on:
ii  adduser                3.110              add and remove users and groups
ii  debconf [debconf-2.0]  1.5.26             Debian configuration management sy
ii  libc6                  2.9-6              GNU C Library: Shared libraries
ii  makedev                2.3.1-88           creates device files in /dev
ii  udev                   0.125-7            /dev/ and hotplug management daemo
ii  zlib1g                 1:1.2.3.3.dfsg-13  compression library - runtime

iodine recommends no packages.

Versions of packages iodine suggests:
ii  dnsutils               1:9.5.1.dfsg.P2-1  Clients provided with BIND
ii  fping                  2.4b2-to-ipv6-16   sends ICMP ECHO_REQUEST packets to
ii  gawk                   1:3.1.5.dfsg-4.1   GNU awk, a pattern scanning and pr
ii  ipcalc                 0.41-1             parameter calculator for IPv4 addr
ii  iproute                20090115-1         networking and traffic control too

-- debconf information excluded


-- 
 .''`.   martin f. krafft madd...@d.o  Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


iodined.strace.bz2
Description: Binary data




Bug#521260: iodined: segfaults when client connects

2009-03-26 Thread gregor herrmann
On Thu, 26 Mar 2009 10:32:42 +0100, martin f krafft wrote:

> When iodined starts
>
>   iodined -f -DDD -u iodine -t /var/run/iodine -P foo -l
>   130.60.75.73 192.168.254.245 r.neokon.ch
>
> and a client connects, iodined segfaults. strace is attached. I can
> reproduce at will but don't really know what other info to provide
> right now.

Thanks for the bug report, and that's indeed nasty.

My suspicion is that you are running an iodine 5.x client against an
iodined 4.x server -- is that true?

I tried now by starting the 0.4.2 server and connecting with the 0.5.1
client, and the result looks like yours:

[..]
select(5, [4], NULL, NULL, {1, 0})  = 1 (in [4], left {0, 92})
recvfrom(4, \374\226\0\0\0\1\0\0\0\0\0\0\vVka\6tunnel\6c..., 65536, 
0, {sa_family=AF_INET, sin_port=htons(59285), 
sin_addr=inet_addr(195.34.133.10)}, [16]) = 51
--- SIGSEGV (Segmentation fault) @ 0 (0) ---

(With the 0.5.1 client against the 0.5.1 server everything is fine.)


I'm not surprised that the protocols are not compatible but what
surprises me is
* that I don't find the documentation for the behaviour at the moment
  (ok, later I saw in my svn log that I added and removed it in/from
  README.Debian but forgot about it with the 5.x release)
* that the client doesn't spit out a warning although there are some
  lines in the code that check the protocol versions. Ok, the server
  probably segfaults _before_

Could you please
* check if my suspicion with the protocol discrepancy is true?
* maybe try with a 5.x version on the server?

I will add the note to README.Debian again, and I can also create a
backport package after the package I'm going to upload later hits
testing.

Any other ideas?


Cheers,
gregor

-- 
 .''`.   Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4
 : :' :  Debian GNU/Linux user, admin,  developer - http://www.debian.org/
 `. `'   Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
   `-NP: U2: Unchained Melody (live bootleg

