Message-ID: <039801c28c0d$07d52d70$24029dd9@tuborg>
From: Knud Erik Højgaard <knud@skodliv.dk>
To: <ports@freebsd.org>, <mita@FreeBSD.org>
Subject: security problem in /usr/ports/comms/efax
Date: Thu, 14 Nov 2002 19:38:29 +0100

===>  SECURITY NOTE:
      This port has installed the following binaries which execute with
      increased privileges.
326461  192 -rwsr-xr-x    1 uucp             dialer              97432 Nov 14 19:13 /usr/local/bin/efax

$ gdb -q /usr/local/bin/efax
(no debugging symbols found)...(gdb) r -x `perl -e 'print "A" x 1056'`
Starting program: /usr/local/bin/efax -x `perl -e 'print "A" x 1056'`
/usr/local/bin/efax: Thu Nov 14 19:29:32 2002 efax v 0.9a-001114 Copyright 1999 Ed Casas
/usr/local/bin/efax: Thu Nov 14 19:29:32 2002 efax v 0.9a-001114 Copyright 1999 Ed Casas
efax: 29:32 compiled Nov 14 2002 19:26:43
efax: 29:32 Error: can't open pre-lock file [A lot of A's here]: File name too long
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb)

the following diff (gently provided by the author of efax) fixes it:
*** efaxos.c~   Mon Mar  1 22:18:30 1999
--- efaxos.c    Mon Sep 30 18:53:13 2002
***************
*** 409,414 ****
--- 409,420 ----

    err = ttlocked ( fname, log ) ;

+   if ( strlen ( fname ) + 11 > EFAX_PATH_MAX ) {
+       err = msg ( "E2lock file path too long (must be <= %d characters)",
+                 EFAX_PATH_MAX - 11 );
+   }
+
+
    if ( ! err ) {
      dirlen = ( p = strrchr( fname , '/' ) ) ? p-fname+1 : strlen ( fname )
;
      sprintf ( buf , "%.*sTMP..%05d" , dirlen , fname , (int) pid ) ;
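Review bot: the new length check is placed after err = ttlocked ( fname, log ), so ttlocked still receives the unchecked fname, and when the path is too long any error ttlocked returned is overwritten by the result of msg(). Moving the check ahead of the ttlocked call, and calling ttlocked only when it passes, avoids both. The literal 11 appears twice with no explanation; it presumably covers the 10 characters that "TMP..%05d" appends plus the terminating NUL, but %05d is a minimum width, so a pid above 99999 writes more than that. A named constant would document the intent, and replacing the sprintf with snprintf bounded by the size of buf, with the return value tested, would make the bound independent of that arithmetic. The declaration of buf is not visible in this hunk, so it is worth confirming that it is at least EFAX_PATH_MAX bytes.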

I forgot to notify you when I received the reply from the author, sorry.

--
Knud Erik Højgaard
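
An added example (not part of the original message and not efax's code): a bounded way to build the temporary lock name that the sprintf in the patch constructs, checking the formatted length instead of relying on a fixed margin. make_tmp_lock_name and LOCK_PATH_MAX are hypothetical names, the sample paths are constructed, and the real EFAX_PATH_MAX value and buffer size are not shown in the message.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical stand-in for EFAX_PATH_MAX; the real value is not on the page. */
#define LOCK_PATH_MAX 1024

/*
 * Build "<directory part of fname>TMP..<pid>" into buf (buflen bytes),
 * keeping the prefix rule of the original sprintf: everything up to and
 * including the last '/', or all of fname when it contains no '/'.
 * Returns 0 on success, -1 if the result does not fit (buf is then "").
 */
int make_tmp_lock_name(char *buf, size_t buflen, const char *fname, pid_t pid)
{
    const char *slash = strrchr(fname, '/');
    size_t dirlen = slash ? (size_t)(slash - fname) + 1 : strlen(fname);
    int n;

    if (buflen == 0)
        return -1;
    /* %.*s takes an int precision, so reject oversized prefixes first. */
    if (dirlen >= buflen) {
        buf[0] = '\0';
        return -1;
    }
    /* snprintf reports the length it needed; >= buflen means truncation. */
    n = snprintf(buf, buflen, "%.*sTMP..%05d", (int)dirlen, fname, (int)pid);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[LOCK_PATH_MAX];
    char longname[1057];            /* constructed: 1056 'A's, as in the report */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("normal: %d\n", make_tmp_lock_name(buf, sizeof buf, "/var/spool/lock/LCK..cuaa0", 123));
    printf("long:   %d\n", make_tmp_lock_name(buf, sizeof buf, longname, 123));
    return 0;
}
```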

