Date:      Thu, 14 Nov 2002 19:38:29 +0100
From:      Knud Erik Højgaard <knud@skodliv.dk>
To:        <ports@freebsd.org>, <mita@FreeBSD.org>
Subject:   security problem in /usr/ports/comms/efax
Message-ID:  <039801c28c0d$07d52d70$24029dd9@tuborg>

===>  SECURITY NOTE:
      This port has installed the following binaries which execute with
      increased privileges.
326461  192 -rwsr-xr-x    1 uucp             dialer              97432 Nov 14 19:13 /usr/local/bin/efax

$ gdb -q /usr/local/bin/efax
(no debugging symbols found)...(gdb) r -x `perl -e 'print "A" x 1056'`
Starting program: /usr/local/bin/efax -x `perl -e 'print "A" x 1056'`
/usr/local/bin/efax: Thu Nov 14 19:29:32 2002 efax v 0.9a-001114 Copyright 1999 Ed Casas
/usr/local/bin/efax: Thu Nov 14 19:29:32 2002 efax v 0.9a-001114 Copyright 1999 Ed Casas
efax: 29:32 compiled Nov 14 2002 19:26:43
efax: 29:32 Error: can't open pre-lock file [A lot of A's here]: File name too long
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb)

The following diff (gently provided by the author of efax) fixes it:
*** efaxos.c~   Mon Mar  1 22:18:30 1999
--- efaxos.c    Mon Sep 30 18:53:13 2002
***************
*** 409,414 ****
--- 409,420 ----

    err = ttlocked ( fname, log ) ;

+   if ( strlen ( fname ) + 11 > EFAX_PATH_MAX ) {
+       err = msg ( "E2lock file path too long (must be <= %d characters)",
+                 EFAX_PATH_MAX - 11 );
+   }
+
+
    if ( ! err ) {
      dirlen = ( p = strrchr( fname , '/' ) ) ? p-fname+1 : strlen ( fname )
;
      sprintf ( buf , "%.*sTMP..%05d" , dirlen , fname , (int) pid ) ;
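
Review bot: the added `if ( strlen ( fname ) + 11 > EFAX_PATH_MAX )` block sits after `err = ttlocked ( fname, log ) ;`, so the unvalidated fname has already been handed to ttlocked before it is rejected, and when the name is too long the value ttlocked stored in err is overwritten by the return of msg; moving the check above the ttlocked call avoids both. The constant 11 is undocumented; it appears to cover the "TMP..%05d" suffix plus the terminating NUL, but %05d is a minimum width, so the margin is not guaranteed for a pid that prints with more than five digits. A comment explaining the 11, and replacing the `sprintf ( buf , ...` below with snprintf bounded by the size of buf (which this hunk does not show), would make the limit hold regardless of pid width.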

I forgot to notify you when I received the reply from the author, sorry.

--
Knud Erik Højgaard

