From owner-freebsd-ports Thu Jul 13 5:40: 6 2000 Delivered-To: freebsd-ports@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0F95937C3AF for ; Thu, 13 Jul 2000 05:40:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id FAA93761; Thu, 13 Jul 2000 05:40:00 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id A821537C30A; Thu, 13 Jul 2000 05:31:34 -0700 (PDT) Message-Id: <20000713123134.A821537C30A@hub.freebsd.org> Date: Thu, 13 Jul 2000 05:31:34 -0700 (PDT) From: toyonaga@rr.iij4u.or.jp To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: ports/19888: qpopper3 dumps core for APOP authetification when without db Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 19888 >Category: ports >Synopsis: qpopper3 dumps core for APOP authetification when without db >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 13 05:40:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Tatsuto Toyonaga >Release: RELENG_4 >Organization: Fujitsu >Environment: FreeBSD neon.msd.ts.fujitsu.co.jp 4.0-STABLE FreeBSD 4.0-STABLE #0: Wed Jul 12 11:07:05 JST 2000 root@neon.msd.ts.fujitsu.co.jp:/usr/obj/usr/src/sys/NEON i386 >Description: qpopper 3.0.2 ports has serious bug in Qualcomm home made vsnprintf. It dumps core when challenged for APOP authentication in its initial state. here is the trace. --- GNU gdb 4.18 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-unknown-freebsd". (gdb) core-file /popper3.core Core was generated by `popper3'. Program terminated with signal 11, Segmentation fault. #0 0x80581c0 in ?? () (gdb) exec-file /usr/local/libexec/popper3 (gdb) symbol-file /usr/ports/mail/popper3/work/qpopper3.0.2/popper/popper Reading symbols from /usr/ports/mail/popper3/work/qpopper3.0.2/popper/popper... done. (gdb) where #0 0x80581c0 in Qvsnprintf (s=0xbfbfe5e0 "", n=1016, format=0x805b6e0 "[SYS/TEMP] POP authentication DB not available (user %s): %s (%s)", ap=0xbfbfe9a8 "dv??\s\005\bdv??{\202\005\b\001") at snprintf.c:224 #1 0xbfbfe585 in ?? () #2 0x804cfda in pop_msg (p=0xbfbff6e4, stat=POP_FAILURE, fn=0x805b62a "pop_apop.c", ln=156, format=0x805b6e0 "[SYS/TEMP] POP authentication DB not available (user %s): %s (%s)") at pop_msg.c:102 #3 0x8051f2a in pop_apop (p=0xbfbff6e4) at pop_apop.c:182 #4 0x804ffcd in main (argc=3, argv=0xbfbffce4) at popper.c:225 #5 0x8049ae9 in _start () >How-To-Repeat: virgin install qpopper3 ports, check ${PREFIX}/etc/popper/pop.auth.db is not exist yet. edit /etc/inetd.conf to invoke popper3 with -s option. Access port 110 via delegate or something witch tries APOP first. >Fix: issue popauth3 post-install if APOP db does not exists. or better fix common/snprintf.[ch], which seems to include problematic functions. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message