NetBSD Problem Report #47462
From Wolfgang.Stukenbrock@nagler-company.com Thu Jan 17 15:41:02 2013
Date: Thu, 17 Jan 2013 16:40:45 +0100 (CET)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: net/choparp on 64-Bit will fail to parse command line
X-Send-Pr-Version: 3.95
>Number: 47462
>Category: pkg
>Synopsis: net/choparp on 64-Bit will fail to parse command line
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: joerg
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jan 17 15:45:00 +0000 2013
>Last-Modified: Sat Dec 06 19:36:35 +0000 2014
>Originator: Wolfgang Stukenbrock
>Release: pkgsrc-2012Q3
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD test-s0 5.1.2 NetBSD 5.1.2 (NSW-WS) #3: Fri Dec 21 15:15:43 CET 2012 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
Due to bad pointer usage in sscanf() some data gets overwritten while
parsing the command line. This will result in a wrong IP address being used
for address matching.
>How-To-Repeat:
Try to start choparp <if> <mac> 10.11.12.0/0xffffff00.
It will not work as expected.
>Fix:
The problem is the usage of a u_int32_t pointer as the argument for "%lx" in sscanf() in atoip().
On 64-bit architectures this is 64-bit, not 32-bit ...
The following patch will fix this problem:
--- orig.c 2013-01-17 16:37:24.000000000 +0100
+++ choparp.c 2013-01-17 16:38:07.000000000 +0100
@@ -349,13 +349,14 @@
int
atoip(char *buf, u_int32_t *ip_addr){
u_int i0, i1, i2, i3;
+ long l;
if (sscanf(buf, "%u.%u.%u.%u", &i0, &i1, &i2, &i3) == 4){
*ip_addr = (i0 << 24) + (i1 << 16) + (i2 << 8) + i3;
return(0);
}
- if (sscanf(buf, "0x%lx", ip_addr) == 1)
- return(0);
+ if (sscanf(buf, "0x%lx", &l) == 1)
+ { *ip_addr = 0; return(0); }
return(-1);
}
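Review bot: The added line "{ *ip_addr = 0; return(0); }" stores 0 instead of the value just parsed into l, so any 0x... argument would be accepted as address 0; it should assign l to *ip_addr. Two further points on the same lines: "%lx" expects a pointer to unsigned long, so l should be declared unsigned long rather than long, and where long is 64 bits a value above 0xffffffff is narrowed into the u_int32_t without complaint, so a range check that returns -1 before the store would be safer.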
We may discuss if the sscanf() at this location should be eliminated and replaced
by something else - e.g. strtoul().
But then we remove the enforcement for a hex number too.
>Release-Note:
>Audit-Trail:
From: Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse command line
Date: Thu, 17 Jan 2013 16:58:13 +0100
Hi - once again
there is a copy-paste error in my patch ....
replace the line
{ *ip_addr = 0; return (0); }
with
{ *ip_addr = l; return (0); }
The just extracted value should be returned ...
Sorry
W. Stukenbrock
gnats-admin@NetBSD.org wrote:
> Thank you very much for your problem report.
> It has the internal identification `pkg/47462'.
> The individual assigned to look at your
> report is: pkg-manager.
>
>
>>Category: pkg
>>Responsible: pkg-manager
>>Synopsis: net/choparp on 64-Bit will fail to parse command line
>>Arrival-Date: Thu Jan 17 15:45:00 +0000 2013
>>
>
>
Responsible-Changed-From-To: pkg-manager->dbj
Responsible-Changed-By: hauke@NetBSD.org
Responsible-Changed-When: Thu, 17 Jan 2013 19:53:08 +0000
Responsible-Changed-Why:
Over to maintainer.
From: David Holland <dholland-pbugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse command line
Date: Fri, 1 Feb 2013 03:31:27 +0000
On Thu, Jan 17, 2013 at 03:45:00PM +0000, Wolfgang.Stukenbrock@nagler-company.com wrote:
> >Number: 47462
> >Category: pkg
> >Synopsis: net/choparp on 64-Bit will fail to parse command line
> >Confidential: yes
> [routine bug]
I assume this wasn't meant to be marked confidential...
--
David A. Holland
dholland@netbsd.org
From: Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: dbj@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse command line
Date: Fri, 01 Feb 2013 08:54:48 +0100
Hi - ooops ...
of course this is not confidential - sorry
can you please change this. Thanks.
W. Stukenbrock
--
Dr. Nagler & Company GmbH
Hauptstraße 9
92253 Schnaittenbach
Tel. +49 9622/71 97-42
Fax +49 9622/71 97-50
Wolfgang.Stukenbrock@nagler-company.com
http://www.nagler-company.com
Headquarters: Schnaittenbach
Commercial register: Amberg HRB
Place of jurisdiction: Amberg
Tax number: 201/118/51825
VAT ID number: DE 273143997
Managing directors: Dr. Martin Nagler, Prof. Dr. Dr. Karl-Kuno Kunze
From: "Darrin B. Jewell" <dbj@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: "Darrin B. Jewell" <dbj@netbsd.org>,
Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse command line
Date: Fri, 08 Mar 2013 19:43:53 -0800
Would it be sufficient and portable to just change the scanf
format string to "0x%x" ?
Darrin
> --- orig.c 2013-01-17 16:37:24.000000000 +0100
> +++ choparp.c 2013-01-17 16:38:07.000000000 +0100
> @@ -349,13 +349,14 @@
> int
> atoip(char *buf, u_int32_t *ip_addr){
> u_int i0, i1, i2, i3;
> + long l;
>
>
> if (sscanf(buf, "%u.%u.%u.%u", &i0, &i1, &i2, &i3) == 4){
> *ip_addr = (i0 << 24) + (i1 << 16) + (i2 << 8) + i3;
> return(0);
> }
> - if (sscanf(buf, "0x%lx", ip_addr) == 1)
> - return(0);
> + if (sscanf(buf, "0x%lx", &l) == 1)
> + { *ip_addr = 0; return(0); }
>
>
> return(-1);
> }
>
>
> We may discuss if the sscanf() at this location should be eliminated and replaced
> by something else - e.g. strtoul().
> But then we remove the enforcement for an hex-number too.
>
From: Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: dbj@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse command line
Date: Mon, 11 Mar 2013 09:13:34 +0100
Hi,
this depends on the question of whether there are any (or will be any)
architectures now or in the future where an "int" will be larger than
32 bit (or u_int32_t).
There is a general problem with the C-lib printf/scanf functions on data
types with explicit size information.
Some operating systems have special definitions in a header file for this
purpose - on NetBSD it is /usr/include/machine/int_fmtio.h, but on other
OSes this file has a different name or is completely missing.
The best way would be to use these macros, but I don't know a portable
way (for pkgsrc) to get them for all supported operating systems.
This is the reason why I chose a "long int" that is known to be at
least 32 bit on all architectures as far as I know.
W. Stukenbrock
Responsible-Changed-From-To: dbj->joerg
Responsible-Changed-By: dbj@NetBSD.org
Responsible-Changed-When: Sun, 15 Sep 2013 17:56:38 +0000
Responsible-Changed-Why:
I think joerg pushed a fix for this recently.
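Added example, not part of the PR or of choparp: one way to write the atoip() parser discussed in this thread so that no scanf conversion writes through a pointer of the wrong width, while still enforcing the 0x prefix that a bare strtoul() would lose. The name atoip_checked and the sample inputs are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: hypothetical checked variant of atoip(), not choparp's code.
 * Returns 0 and stores the address in host order, or -1 if it rejects buf. */
int
atoip_checked(const char *buf, uint32_t *ip_addr)
{
	unsigned int o[4];
	char tail;	/* a 5th conversion means junk after the dotted quad */
	const char *hex;
	size_t n;

	if (sscanf(buf, "%3u.%3u.%3u.%3u%c", &o[0], &o[1], &o[2], &o[3], &tail) == 4) {
		if (o[0] > 255 || o[1] > 255 || o[2] > 255 || o[3] > 255)
			return -1;
		*ip_addr = ((uint32_t)o[0] << 24) | ((uint32_t)o[1] << 16) |
		    ((uint32_t)o[2] << 8) | (uint32_t)o[3];
		return 0;
	}

	/* Hex form: enforce the "0x" prefix by hand, then allow 1..8 hex digits
	 * only, so the value always fits in 32 bits before it is stored. */
	if (buf[0] != '0' || (buf[1] != 'x' && buf[1] != 'X'))
		return -1;
	hex = buf + 2;
	n = strspn(hex, "0123456789abcdefABCDEF");
	if (n == 0 || n > 8 || hex[n] != '\0')
		return -1;
	/* strtoul() returns unsigned long (64-bit on LP64); narrow explicitly
	 * instead of letting a scanf conversion write through a uint32_t *. */
	*ip_addr = (uint32_t)strtoul(hex, NULL, 16);
	return 0;
}

int
main(void)
{
	/* Constructed inputs; the second is the netmask form from the report. */
	const char *in[] = { "10.11.12.0", "0xffffff00", "0x1ffffffff", "256.1.1.1" };
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		uint32_t ip = 0;
		int rc = atoip_checked(in[i], &ip);
		printf("%-12s rc=%d ip=0x%08lx\n", in[i], rc, (unsigned long)ip);
	}
	return 0;
}
```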
>Unformatted: