agialluc

Results 11 comments of agialluc

I should have thought to use snprintf(opt, sizeof(opt), ...); it is much cleaner. We had to rebuild the debuginfo rpm, there was a problem with it. We are waiting...

I was away, however we did capture a backtrace from another buffer overflow, hopefully this is of some use: # egrep -m 1 -A 350 -B 10 'buffer over' /var/log/conserver...

Here is an analysis on what may be happening by a developer who kindly looked at the backtrace: ======= Backtrace: ========= /lib64/libc.so.6(__fortify_fail+0x37)[0x7f9caa6987a7] /lib64/libc.so.6(+0x116922)[0x7f9caa696922] /lib64/libc.so.6(+0x118707)[0x7f9caa698707] /usr/sbin/conserver(+0x158b2)[0x56388f4368b2] /usr/sbin/conserver(+0x2588a)[0x56388f44688a] /usr/sbin/conserver(+0x1942f)[0x56388f43a42f] /usr/sbin/conserver(+0x78d8)[0x56388f4288d8] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f9caa5a2555] /usr/sbin/conserver(+0x7c58)[0x56388f428c58]...

FYI: We will be trying a modified conserver binary to try to nail this down further.

We created a patch to try to narrow this down: (I had to put a | char in the code block at the first char due to formatting issues)...

The developer I was working with said: > I think we can just add a check for -1 and it should be fine. This code appears to be cleaning up...

"Is there a reason close() is used instead of FileClose() in Spawn()? Specifically, here:" I couldn't answer this. What little programming I do is just 'on the side', perhaps @bstansell...

I should note tracing on the server only shows: `[root@console ~]# KRB5_TRACE=/dev/stdout /usr/sbin/conserver [Wed Feb 14 21:40:42 2024] conserver (153644): conserver.com version 8.2.1 [Wed Feb 14 21:40:42 2024] conserver (153644):...

FYI: you may want to take a look at https://github.com/bstansell/conserver/issues/93

I should note, for the record, this may not be the root cause, but is just my suspicion. Regardless, I do think snprintf( ) calls are an improvement.