Date: Thu, 30 Oct 2003 09:42:13 -0500 From: "Dan Langille" <dan@langille.org> To: FreeBSD-hackers@freebsd.org Subject: libwrap crash Message-ID: <3FA0DCF5.27646.1A027A88@localhost>
next in thread | raw e-mail | index | archive | help
I've been tracking down a libwrap call which crashes the application.
The crash occurs on line 395 of contrib/tcp_wrappers/options.c, but
I have no idea.
The situation:
- The daemon starts on the remote client.
- Connection is attempted from another box via port 9102
- The daemon uses hosts_access(3) to see if the connection is allowed
- /etc/hosts.allow contains no explit allow/deny for this connection
which means this line is invoked:
# The rest of the daemons are protected.
ALL : ALL \
: severity auth.info \
: twist /bin/echo "You are not welcome to use %d from %h."
When the host_acess calls invokes twist_option
(contrib/tcp_wrappers/options.c:370), things blow up on this call:
(void) execl("/bin/sh", "sh", "-c", value, (char *) 0);
Any ideas? Suggestions?
Thank you
[root@bast:/usr/ports/sysutils/bacula/work/bacula-1.32b/src/filed] #
gdb ./bacula-fd
GNU gdb 4.18 (FreeBSD)
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-unknown-freebsd"...Deprecated
bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../con
trib/gdb/gdb/dwarf2read.c line 3049 in dwarf2_read_section
(gdb) source ~/debug
Breakpoint 1 at 0x805a365: file bnet_server.c, line 152.
Breakpoint 1, bnet_thread_server (bind_addr=0x0, port=9102,
max_clients=10, client_wq=0x807c4a0,
handle_client_request=0x804d3c0 <handle_client_request(void *)>)
at bnet_server.c:152
152 fromhost(&request);
Current language: auto; currently c++
(gdb) n
153 if (!hosts_access(&request)) {
(gdb) s
0x8049cc8 in hosts_access () at
/usr/src/lib/libwrap/../../contrib/tcp_wrappers/hosts_access.c:126
126
(gdb) /usr/src/lib/libwrap/../../contrib/tcp_wrappers/options.c:395
Undefined command: "". Try "help".
(gdb) b /usr/src/lib/libwrap/../../contrib/tcp_wrappers/options.c:395
Breakpoint 2 at 0x280a1766: file
/usr/src/lib/libwrap/../../contrib/tcp_wrappers/options.c, line 395.
(gdb) c
Continuing.
Breakpoint 2, twist_option (value=0xbfbfe890 "/bin/echo \"You are not
welcome to use bast-fd from undef.unixathome.org.\"",
request=0xbfbff574) at
/usr/src/lib/libwrap/../../contrib/tcp_wrappers/options.c:395
395 (void) execl("/bin/sh", "sh", "-c", value, (char
*) 0);
Current language: auto; currently c
(gdb) list
390 maybe_dup2(request->fd, 2) != 2) {
391 error = "twist_option: dup: %m";
392 } else {
393 if (request->fd > 2)
394 close(request->fd);
395 (void) execl("/bin/sh", "sh", "-c", value, (char
*) 0);
396 error = "twist_option: /bin/sh: %m";
397 }
398
399 /* Something went wrong: we MUST terminate the
process. */
(gdb) print value
$1 = 0xbfbfe890 "/bin/echo \"You are not welcome to use bast-fd from
undef.unixathome.org.\""
(gdb) n
0x2809fb4c in _init () from /usr/lib/libwrap.so.3
(gdb) n
Single stepping until exit from function _init,
which has no line number information.
Error accessing memory address 0x281a1e84: Bad address.
(gdb
--
Dan Langille : http://www.langille.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FA0DCF5.27646.1A027A88>