Re: problems in get_rfc1413_data()


Arkadiusz Miśkiewicz (misiek@misiek.eu.org)
Mon, 23 Aug 1999 11:48:28 +0200


On Fri, 20 Aug 1999, Arkadiusz Miśkiewicz wrote:

> Fix for this tomorrow.

I fixed this possible security hole (a DoS attack) using POSIX siglongjmp()
and sigsetjmp(). Now alarm() breaks read() after the timeout...

I also created basic autoconf/automake support (not yet
finished; I have no time to do this).

PS. I missed one thing :-( in main.c:
if (getnameinfo((struct sockaddr *)&socket_addr,
                SA_LEN((struct sockaddr *)&socket_addr),
                remote_addr, sizeof(remote_addr), NULL, 0,
- 0) != 0) {
+ NI_NAMEREQD) != 0) {
getnameinfo((struct sockaddr *)&socket_addr,
                SA_LEN((struct sockaddr *)&socket_addr),
                remote_addr, sizeof(remote_addr), NULL, 0,
                NI_NUMERICHOST);
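Review bot: the fallback `getnameinfo(..., NI_NUMERICHOST)` call discards its return value, so if it fails too `remote_addr` may be left unset when `rfc1413.c` later formats it into the `unknown@%s` strings; check the second return as well and fill `remote_addr` with a fixed placeholder on failure. Requesting `NI_NAMEREQD` on the first call is the right change, since without it a failed reverse lookup already yields a numeric string and the fallback branch is never taken.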

full patch at:
http://www(.ipv6).misiek.eu.org/ipv6/cfingerd-1.4.0-ipv6-210899.patch.gz

-- 
+ Arkadiusz Miśkiewicz \/ PLD/Linux  IPv6 ready +
+ misiek@misiek.eu.org /\ http://www.pld.org.pl +

Index: rfc1413.c =================================================================== RCS file: /CVSROOT/cfingerd/src/rfc1413.c,v retrieving revision 1.17 retrieving revision 1.20 diff -u -r1.17 -r1.20 --- rfc1413.c 1999/08/19 12:29:25 1.17 +++ rfc1413.c 1999/08/20 18:02:57 1.20 @@ -16,10 +16,11 @@ #include "cfingerd.h" +static jmp_buf ident_alarm; + void rfc1413_alarm(int signal) { - if (signal == SIGALRM) - ident_user = "unknown@alarm.signal"; + siglongjmp(ident_alarm, 1); } /* Self contained RFC1413 implementation. Thanks to Joel Katz for parts of @@ -29,7 +30,8 @@ #define BUFLEN 256 char *get_rfc1413_data( struct sockaddr_storage local_addr ) { - int j, err, errcon = -1; + + static int j = -1, err = -1; char buffer[1024], buf[BUFLEN], uname[64], *bleah; char *cp, *xp; struct addrinfo hints, *res, *res0; @@ -43,7 +45,12 @@ if((err = getaddrinfo(ip_address, "113", &hints, &res0)) < 0) { syslog(LOG_ERR, "rfc1413-getaddrinfo: %s", gai_strerror(err)); snprintf(bleah, BUFLEN, "unknown@%s", remote_addr); - alarm(0); + return(bleah); + } + err = -1; + + if (sigsetjmp(ident_alarm, 1) != 0) { + snprintf(bleah, BUFLEN, "alarm.signal@%s", remote_addr); return(bleah); } signal(SIGALRM, rfc1413_alarm); @@ -64,12 +71,12 @@ if (connect(j, res->ai_addr, res->ai_addrlen) < 0) close(j); else { - errcon = 0; + err = 0; break; } } freeaddrinfo(res0); - if (errcon < 0) { + if (err < 0) { syslog(LOG_ERR, "rfc1413-socket-or-connect problem"); snprintf(bleah, BUFLEN, "unknown@%s", remote_addr); alarm(0); Index: cfingerd.h =================================================================== RCS file: /CVSROOT/cfingerd/src/cfingerd.h,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- cfingerd.h 1999/08/17 22:32:08 1.2 +++ cfingerd.h 1999/08/20 18:02:57 1.3 @@ -28,6 +28,7 @@ #include <ctype.h> #include <time.h> #include <pwd.h> +#include <setjmp.h> #include <netinet/in.h> #include <sys/socket.h>
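Review bot: in the first rfc1413.c hunk, `ident_alarm` is declared as `jmp_buf` but is used with `sigsetjmp()`/`siglongjmp()`, which take a `sigjmp_buf`; declare it `static sigjmp_buf ident_alarm;` (the two types coincide on glibc but not portably). Dropping the `if (signal == SIGALRM)` guard is fine because the handler is only installed for SIGALRM, but the unconditional jump is unsafe if SIGALRM is ever delivered before `sigsetjmp()` has filled the buffer; a `volatile sig_atomic_t` flag set right after `sigsetjmp()` and cleared before returning guards against that.

Review bot: in the second rfc1413.c hunk, making `j` and `err` `static` looks intended to keep them valid across the `siglongjmp()` (non-volatile automatic locals modified after `sigsetjmp()` are indeterminate after the jump), but it also makes them persist across calls, and `j = -1` is initialised only once, so a later call sees whatever descriptor number the previous call left in `j`. `volatile int j = -1, err = -1;` gives the same guarantee without shared state. The stray empty `+` line above the declaration can go.

Review bot: in the third rfc1413.c hunk, the `sigsetjmp()` recovery branch returns `alarm.signal@...` without closing the socket `j` that `read()` was blocked on, so every ident lookup that times out leaks a descriptor, which in a daemon reachable by arbitrary peers is itself a resource-exhaustion path; add `if (j >= 0) close(j);` before `return(bleah);`. Installing the handler after `sigsetjmp()` is the right order, but the SIGALRM disposition is left pointing at `rfc1413_alarm` on the way out, so a later alarm in the caller would jump into a stale buffer.

Review bot: in the fourth rfc1413.c hunk, reusing `err` as the connect-status flag after it held the `getaddrinfo()` return code conflates two meanings in one variable; it works only because of the `err = -1;` reset above, and a reader of `if (err < 0)` has to trace back to see which failure it reports. Keeping the separately named flag, or at least a comment at the reset, would make the intent clear.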




This archive was generated by hypermail 2.0b3 on Mon Aug 23 1999 - 11:56:11 CEST