Hi Peter,

I looked at src/tcsd/tcsd_threads.c real quick...

@Peter: Would you mind commenting out line 167: 
"tm->thread_data[thread_num].hostname = NULL;" and see if this helps ?
Since thread_num == -1 in the error-case you describe this should go wrong... 
;-)

@Vicky: would you mind guarding line 167 with the following in any case (even if 
it is not what triggered Peter's error)?
        if (hostname != NULL) {
+               if (thread_num != -1)
+                       tm->thread_data[thread_num].hostname = NULL;
-               tm->thread_data[thread_num].hostname = NULL;
                free(hostname);
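
Review bot: The guard added in front of `tm->thread_data[thread_num].hostname = NULL;` tests only for the -1 sentinel, so any other negative or too-large thread_num would still index outside thread_data. A range check (`thread_num >= 0` and below the table size) covers the sentinel and anything else, and a short comment that -1 means the connection was refused before a slot was assigned would explain why the check is there.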

Cheers,
Andreas

________________________________________
From: Peter Hüwe [[email protected]]
Sent: Wednesday, July 30, 2014 21:33
To: [email protected]
Subject: [TrouSerS-tech] Local DoS / Segfault in tcsd

Hi,

I found an easily exploitable local denial of service in tcsd due to a
segfault.

Steps to reproduce:
10 times
$ nc localhost 30003 &

Result:
# tcsd -f
TCSD tcsd_conf.c:98 platform_class_list_append: platform_class_list_append
start:
TCSD tcsd_conf.c:130 platform_class_list_append: Platform Class Added.
TCSD TCS ps/ps_utils.c:511 init_disk_cache: found 13 valid key(s) on disk.

TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
To TPM: 00 C1 00 00 00 12 00 00 00 65 00 00 00 1A 00 00
To TPM: 00 00
...
TCSD TDDL tddl.c:171 Calling write to driver
From TPM: 00 C4 00 00 00 10 00 00 00 00 00 00 00 02 00 00
TCSD svrside.c:493 trousers 0.3.13: TCSD up and running.
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 7
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 8
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 9
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 10
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 11
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 12
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 13
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 14
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 15
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 16
TCSD svrside.c:531 Waiting for connections
TCSD svrside.c:556 accepted socket 17
TCSD ERROR: tcsd_threads.c:114 max number of connections reached (10), new
connection from localhost refused.
LOG_RETERR TCSD TCS tcsd_threads.c:119: 0x103
Segmentation Fault


Expected Result:
tcsd continues to work


trousers version:
TROUSERS_0_3_13


Unfortunately I haven't found time to dig through the code...


Thanks,
Peter

_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech
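
The error path discussed in this thread, as an added example that is not TrouSerS code: a simplified model of a fixed-size connection table whose shared cleanup clears a slot only when the index is in range, which goes one step beyond the `!= -1` check proposed above. All names (`claim_slot`, `accept_conn`, `flood`, `NO_SLOT`, `start_ok`) are hypothetical.

```c
/* Simplified model of a fixed-size connection table. Names are
 * hypothetical and not taken from tcsd_threads.c. */
#include <stdlib.h>
#include <string.h>

#define MAX_CONN 10      /* same limit as reported in the log above */
#define NO_SLOT  (-1)    /* sentinel: no free slot was found */

struct slot  { int in_use; char *hostname; };
struct table { struct slot data[MAX_CONN]; };

/* Return the index of a free slot, or NO_SLOT when the table is full. */
static int claim_slot(struct table *t)
{
    for (int i = 0; i < MAX_CONN; i++)
        if (!t->data[i].in_use) { t->data[i].in_use = 1; return i; }
    return NO_SLOT;
}

/* Accept one connection; returns the slot index or NO_SLOT on failure.
 * Both failure cases share one cleanup path, so idx may be the sentinel. */
int accept_conn(struct table *t, const char *peer, int start_ok)
{
    int idx = NO_SLOT;
    char *hostname = malloc(strlen(peer) + 1);
    if (hostname == NULL) return NO_SLOT;
    strcpy(hostname, peer);
    idx = claim_slot(t);
    if (idx == NO_SLOT) goto fail;       /* table full: nothing claimed */
    t->data[idx].hostname = hostname;
    if (!start_ok) goto fail;            /* simulated worker start failure */
    return idx;
fail:
    if (idx >= 0 && idx < MAX_CONN) {    /* touch only a slot we own */
        t->data[idx].hostname = NULL;
        t->data[idx].in_use = 0;
    }
    free(hostname);
    return NO_SLOT;
}

/* Make n connection attempts; returns how many were refused. */
int flood(struct table *t, int n)
{
    int refused = 0;
    for (int i = 0; i < n; i++)
        if (accept_conn(t, "localhost", 1) == NO_SLOT) refused++;
    return refused;
}
```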
