Bug#521260: iodined: segfaults when client connects
Hi,

I just found the same bug while I was trying to connect to the iodined from a Debian stable using the iodine client from the source code (version 0.5.1). I have seen in the code that it checks the version number, but it isn't done correctly. I know that the last version of this code has solved this issue, but the current version in Debian stable has this bug, and it is very dangerous.

I attach a patch that solves the segmentation fault.

Greetings.

-- 
Albert Sellarès
GPG id: 0x13053FFE
http://www.wekk.net
wh...@jabber.org
Linux User: 324456

diff -bBur a/iodined.c b/iodined.c --- a/iodined.c 2008-08-06 22:26:36.0 +0200 +++ b/iodined.c 2009-04-26 12:55:55.0 +0200 @@ -189,7 +188,6 @@ ((unpacked[3] 0xff))); } - if (version == VERSION) { userid = find_available_user(); if (userid = 0) { struct sockaddr_in *tempin; @@ -201,15 +199,16 @@ memcpy((users[userid].q), q, sizeof(struct query)); users[userid].encoder = get_base32_encoder(); + if (version == VERSION) { send_version_response(dns_fd, VERSION_ACK, users[userid].seed, users[userid]); + } else { + send_version_response(dns_fd, VERSION_NACK, VERSION, users[userid]); + } users[userid].q.id = 0; } else { /* No space for another user */ send_version_response(dns_fd, VERSION_FULL, USERS, NULL); } - } else { - send_version_response(dns_fd, VERSION_NACK, VERSION, NULL); - } } else if(in[0] == 'L' || in[0] == 'l') { read = unpack_data(unpacked, sizeof(unpacked), (in[1]), read - 1, b32); /* Login phase, handle auth */
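Review bot: moving the version comparison below find_available_user() means a client with a mismatched version now reserves a users[] slot before it is NACKed (the second hunk sends VERSION_NACK with users[userid] and afterwards only clears q.id), so repeated connects from an incompatible client can use up USERS and turn later compatible clients away with VERSION_FULL; keeping the version check first and letting send_version_response() work without a user object, or releasing the slot right after the NACK, would avoid that. The VERSION_FULL call in the same hunk still passes NULL as the last argument, so if a NULL user is what crashes the NACK path, the full-table path should be checked for the same fault. Also, in the first hunk the condition reads `if (userid = 0)` as extracted, which would be an assignment; it is presumably `>=` lost in transit, but worth confirming when applying.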
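The version check the mail describes ("it checks the version number, but it isn't done correctly") is easiest to reason about in a small model. The following C is an added illustration, not iodine's code and not the patch above: the names VERSION, USERS, VERSION_ACK/NACK/FULL, users[] and find_available_user() are borrowed from the diff, but their values, the 4-byte big-endian version field, the seed, the slot table and every function body are assumptions made for this example. It shows the ordering a server wants: parse and compare the version before allocating any per-client state, so a mismatched or truncated request is answered with VERSION_NACK without a user object and without occupying a slot, and a full table is reported with VERSION_FULL the same way.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a server-side version handshake (added example, not
 * iodine's code). Names mirror the patch in this thread; the values, the
 * request layout and the function bodies are assumptions for illustration. */

#define VERSION 0x00000502u  /* assumed protocol version; placeholder value */
#define USERS   4            /* small slot table so "full" is easy to reach */

enum response { VERSION_ACK = 1, VERSION_NACK = 2, VERSION_FULL = 3 };

struct user { int active; uint32_t seed; };
static struct user users[USERS];

/* First free slot, or -1 when every slot is taken. */
static int find_available_user(void)
{
    for (int i = 0; i < USERS; i++)
        if (!users[i].active) return i;
    return -1;
}

/* Decode the 4-byte big-endian version field of a 'V' request (assumed layout).
 * Returns -1 if the request is too short, so a truncated packet is rejected
 * instead of being read past its end. */
static int parse_version(const unsigned char *unpacked, size_t len, uint32_t *version)
{
    if (len < 4)
        return -1;
    *version = ((uint32_t)unpacked[0] << 24) | ((uint32_t)unpacked[1] << 16) |
               ((uint32_t)unpacked[2] << 8)  |  (uint32_t)unpacked[3];
    return 0;
}

/* Handle one version request. The comparison runs BEFORE a slot is taken:
 * a client speaking another version gets VERSION_NACK, keeps no server-side
 * state, and neither the NACK nor the FULL reply needs a user object.
 * On success the slot index is written to *slot_out, otherwise -1. */
static enum response handle_version_request(const unsigned char *unpacked,
                                            size_t len, int *slot_out)
{
    uint32_t version;

    *slot_out = -1;
    if (parse_version(unpacked, len, &version) != 0 || version != VERSION)
        return VERSION_NACK;

    int userid = find_available_user();
    if (userid < 0)
        return VERSION_FULL;

    users[userid].active = 1;
    users[userid].seed = 0x5eedu ^ (uint32_t)userid;  /* constructed seed, not a real PRNG */
    *slot_out = userid;
    return VERSION_ACK;
}

static void release_user(int id) { if (id >= 0 && id < USERS) users[id].active = 0; }
static void reset_users(void) { for (int i = 0; i < USERS; i++) users[i].active = 0; }

static int active_users(void)
{
    int n = 0;
    for (int i = 0; i < USERS; i++) n += users[i].active;
    return n;
}

/* Build a 4-byte request carrying version v (constructed test input). */
static void put_version(unsigned char out[4], uint32_t v)
{
    out[0] = (unsigned char)(v >> 24); out[1] = (unsigned char)(v >> 16);
    out[2] = (unsigned char)(v >> 8);  out[3] = (unsigned char)v;
}

int main(void)
{
    unsigned char req[4];
    int slot;

    put_version(req, VERSION + 1);                 /* mismatched client */
    printf("mismatch -> %d, active=%d\n",
           handle_version_request(req, sizeof req, &slot), active_users());

    put_version(req, VERSION);                     /* compatible clients */
    for (int i = 0; i <= USERS; i++)               /* one more than the table holds */
        printf("client %d -> %d (slot %d)\n", i,
               handle_version_request(req, sizeof req, &slot), slot);
    return 0;
}
```

The mismatched client in main() is answered without touching users[], so active_users() stays 0; the fifth compatible client gets VERSION_FULL, again with no state allocated. Keeping both error replies free of a user object is what removes the NULL-dereference class of crash the thread describes, and checking the version first keeps incompatible clients from pinning slots.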
Bug#521260: iodined: segfaults when client connects
On Sun, 26 Apr 2009 13:05:20 +0200, Albert Sellarès wrote:

> I have seen in the code, that it checks the version number, but it isn't done correctly. I know that the last version of this code has solved this issue, but the current version in Debian stable has this bug, and it is very dangerous. I attach a patch that solves the segmentation fault.

Thanks for your mail and the patch!

I agree that this bug is annoying but I don't see that it's a valid reason for an update in stable (point releases for stable contain only security relevant fixes and sometimes fixes for grave bugs).

In case you haven't seen it yet, I've created a backport of 5.1.2 for lenny, it's available at http://backports.org/
May I suggest that you use this version?

Cheers,
gregor

-- 
Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4
Debian GNU/Linux user, admin, developer - http://www.debian.org/
Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
NP: James Taylor: Country Road
Bug#521260: iodined: segfaults when client connects
On Fri, 27 Mar 2009 10:11:02 +0100, martin f krafft wrote:

>> My suspicion is that you are running an iodine 5.x client against an iodined 4.x server -- is that true?
> Yes, good analysis. Silly that I didn't think of it. :)

:) Well, it's not really obvious without clear documentation/error messages.

>> * check if my suspicion with the protocol discrepancy is true?
>> * maybe try with a 5.x version on the server?
> Yeah, it works with a backport.

Great, thanks for checking!

>> I will add the note to README.Debian again, and I can also create a backport package after the package I'm going to upload later hits testing.
> Sweet, thanks,

I leave this bug open until the backported package is available.

Cheers,
gregor

-- 
Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4
Debian GNU/Linux user, admin, developer - http://www.debian.org/
Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
NP: JBO: Könige
Bug#521260: iodined: segfaults when client connects
thus spoke gregor herrmann gre...@debian.org [2009.03.26.1712 +0100]:

> My suspicion is that you are running an iodine 5.x client against an iodined 4.x server -- is that true?

Yes, good analysis. Silly that I didn't think of it. :)

> * check if my suspicion with the protocol discrepancy is true?
> * maybe try with a 5.x version on the server?

Yeah, it works with a backport.

> I will add the note to README.Debian again, and I can also create a backport package after the package I'm going to upload later hits testing.

Sweet, thanks,

-- 
martin f. krafft madd...@d.o
Related projects: proud Debian developer http://debiansystem.info
http://people.debian.org/~madduck http://vcs-pkg.org
Debian - when you have better things to do than fixing systems

"the reason the mainstream is thought of as a stream is because it is so shallow."
Bug#521260: iodined: segfaults when client connects
Package: iodine
Version: 0.4.2-1
Severity: important

When iodined starts

  iodined -f -DDD -u iodine -t /var/run/iodine -P foo -l 130.60.75.73 192.168.254.245 r.neokon.ch

and a client connects, iodined segfaults. strace is attached. I can reproduce at will but don't really know what other info to provide right now.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.28-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iodine depends on:
ii  adduser                3.110              add and remove users and groups
ii  debconf [debconf-2.0]  1.5.26             Debian configuration management sy
ii  libc6                  2.9-6              GNU C Library: Shared libraries
ii  makedev                2.3.1-88           creates device files in /dev
ii  udev                   0.125-7            /dev/ and hotplug management daemo
ii  zlib1g                 1:1.2.3.3.dfsg-13  compression library - runtime

iodine recommends no packages.

Versions of packages iodine suggests:
ii  dnsutils  1:9.5.1.dfsg.P2-1  Clients provided with BIND
ii  fping     2.4b2-to-ipv6-16   sends ICMP ECHO_REQUEST packets to
ii  gawk      1:3.1.5.dfsg-4.1   GNU awk, a pattern scanning and pr
ii  ipcalc    0.41-1             parameter calculator for IPv4 addr
ii  iproute   20090115-1         networking and traffic control too

-- debconf information excluded

-- 
martin f. krafft madd...@d.o
Related projects: proud Debian developer http://debiansystem.info
http://people.debian.org/~madduck http://vcs-pkg.org
Debian - when you have better things to do than fixing systems

Attachment: iodined.strace.bz2 (binary data)
Bug#521260: iodined: segfaults when client connects
On Thu, 26 Mar 2009 10:32:42 +0100, martin f krafft wrote:

> When iodined starts
>
>   iodined -f -DDD -u iodine -t /var/run/iodine -P foo -l 130.60.75.73 192.168.254.245 r.neokon.ch
>
> and a client connects, iodined segfaults. strace is attached. I can reproduce at will but don't really know what other info to provide right now.

Thanks for the bug report, and that's indeed nasty.

My suspicion is that you are running an iodine 5.x client against an iodined 4.x server -- is that true?

I tried now by starting the 0.4.2 server and connecting with the 0.5.1 client, and the result looks like yours:

[..]
select(5, [4], NULL, NULL, {1, 0}) = 1 (in [4], left {0, 92})
recvfrom(4, "\374\226\0\0\0\1\0\0\0\0\0\0\vVka\6tunnel\6c"..., 65536, 0, {sa_family=AF_INET, sin_port=htons(59285), sin_addr=inet_addr("195.34.133.10")}, [16]) = 51
--- SIGSEGV (Segmentation fault) @ 0 (0) ---

(With the 0.5.1 client against the 0.5.1 server everything is fine.)

I'm not surprised that the protocols are not compatible but what surprises me is
* that I don't find the documentation for the behaviour at the moment (ok, later I saw in my svn log that I added and removed it in/from README.Debian but forgot about it with the 5.x release)
* that the client doesn't spit out a warning although there are some lines in the code that check the protocol versions. Ok, the server probably segfaults _before_

Could you please
* check if my suspicion with the protocol discrepancy is true?
* maybe try with a 5.x version on the server?

I will add the note to README.Debian again, and I can also create a backport package after the package I'm going to upload later hits testing.

Any other ideas?

Cheers,
gregor

-- 
Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4
Debian GNU/Linux user, admin, developer - http://www.debian.org/
Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
NP: U2: Unchained Melody (live bootleg