NetBSD Problem Report #47462

From Wolfgang.Stukenbrock@nagler-company.com  Thu Jan 17 15:41:02 2013
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id DABA263BA5D
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 17 Jan 2013 15:41:01 +0000 (UTC)
Message-Id: <20130117154046.00650123B8D@test-s0.nagler-company.com>
Date: Thu, 17 Jan 2013 16:40:45 +0100 (CET)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: net/choparp on 64-Bit will fail to parse comamnd line
X-Send-Pr-Version: 3.95

>Number:         47462
>Category:       pkg
>Synopsis:       net/choparp on 64-Bit will fail to parse comamnd line
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    joerg
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 17 15:45:00 +0000 2013
>Last-Modified:  Sat Dec 06 19:36:35 +0000 2014
>Originator:     Wolfgang Stukenbrock
>Release:        pkgsrc-2012Q3
>Organization:
Dr. Nagler & Company GmbH
>Environment:


System: NetBSD test-s0 5.1.2 NetBSD 5.1.2 (NSW-WS) #3: Fri Dec 21 15:15:43 CET 2012 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
	Due to baad pointer usage in sscanf() some data gets overwritten while
	paring the command line. This will result in a wrong ipaddress to be used
	for address matching.
>How-To-Repeat:
	try to start chapart <if> <mac> 10.11.12.0/0xffffff00.
	It will not work as expected.
>Fix:
	The problem is the usage of an u_int32_t pointer to argument "%lx" in sscanf() in atoip().
	On 64-Bit architectures this is 64-bit not 32-bit ...
	The following patch will fix this problem:

--- orig.c      2013-01-17 16:37:24.000000000 +0100
+++ choparp.c   2013-01-17 16:38:07.000000000 +0100
@@ -349,13 +349,14 @@
 int
 atoip(char *buf, u_int32_t *ip_addr){
     u_int      i0, i1, i2, i3;
+    long       l;

     if (sscanf(buf, "%u.%u.%u.%u", &i0, &i1, &i2, &i3) == 4){
        *ip_addr = (i0 << 24) + (i1 << 16) + (i2 << 8) + i3;
        return(0);
     }
-    if (sscanf(buf, "0x%lx", ip_addr) == 1)
-       return(0);
+    if (sscanf(buf, "0x%lx", &l) == 1)
+       { *ip_addr = 0; return(0); }

     return(-1);        
 }

	We may discuss if the sscanf() at this location should be eliminated and replaced
	by something else - e.g. strtoul().
	But then we remove the enforcement for an hex-number too.

>Release-Note:

>Audit-Trail:
From: Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse comamnd line
Date: Thu, 17 Jan 2013 16:58:13 +0100

 Hi - once again

 there is a copy-paste error in my patch ....

 replace the line
 { *ip_addr = 0; return (0); }
 with
 { *ip_addr = l; return (0); }

 The just extracted value should be returned ...

 Sorry

 W. Stukenbrock

 gnats-admin@NetBSD.org wrote:

 > Thank you very much for your problem report.
 > It has the internal identification `pkg/47462'.
 > The individual assigned to look at your
 > report is: pkg-manager. 
 > 
 > 
 >>Category:       pkg
 >>Responsible:    pkg-manager
 >>Synopsis:       net/choparp on 64-Bit will fail to parse comamnd line
 >>Arrival-Date:   Thu Jan 17 15:45:00 +0000 2013
 >>
 > 
 > 


Responsible-Changed-From-To: pkg-manager->dbj
Responsible-Changed-By: hauke@NetBSD.org
Responsible-Changed-When: Thu, 17 Jan 2013 19:53:08 +0000
Responsible-Changed-Why:
Over to maintainer.


From: David Holland <dholland-pbugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse comamnd line
Date: Fri, 1 Feb 2013 03:31:27 +0000

 On Thu, Jan 17, 2013 at 03:45:00PM +0000, Wolfgang.Stukenbrock@nagler-company.com wrote:
  > >Number:         47462
  > >Category:       pkg
  > >Synopsis:       net/choparp on 64-Bit will fail to parse comamnd line
  > >Confidential:   yes
  > [routine bug]

 I assume this wasn't meant to be marked confidential...

 -- 
 David A. Holland
 dholland@netbsd.org

From: Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: dbj@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse comamnd line
Date: Fri, 01 Feb 2013 08:54:48 +0100

 Hi - ooops ...

 of cause this is not confidential - sorry

 can you please change this. Thanks.

 W. Stukenbrock

 David Holland wrote:

 > The following reply was made to PR pkg/47462; it has been noted by GNATS.
 > 
 > From: David Holland <dholland-pbugs@netbsd.org>
 > To: gnats-bugs@netbsd.org
 > Cc: 
 > Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse comamnd line
 > Date: Fri, 1 Feb 2013 03:31:27 +0000
 > 
 >  On Thu, Jan 17, 2013 at 03:45:00PM +0000, Wolfgang.Stukenbrock@nagler-company.com wrote:
 >   > >Number:         47462
 >   > >Category:       pkg
 >   > >Synopsis:       net/choparp on 64-Bit will fail to parse comamnd line
 >   > >Confidential:   yes
 >   > [routine bug]
 >  
 >  I assume this wasn't meant to be marked confidential...
 >  
 >  -- 
 >  David A. Holland
 >  dholland@netbsd.org
 >  
 > 
 > 


 -- 


 Dr. Nagler & Company GmbH
 Hauptstraße 9
 92253 Schnaittenbach

 Tel. +49 9622/71 97-42
 Fax +49 9622/71 97-50

 Wolfgang.Stukenbrock@nagler-company.com
 http://www.nagler-company.com


 Hauptsitz: Schnaittenbach
 Handelregister: Amberg HRB
 Gerichtsstand: Amberg
 Steuernummer: 201/118/51825
 USt.-ID-Nummer: DE 273143997
 Geschäftsführer: Dr. Martin Nagler, Prof. Dr. Dr. Karl-Kuno Kunze


From: "Darrin B. Jewell" <dbj@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: "Darrin B. Jewell" <dbj@netbsd.org>,
        Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse comamnd line
Date: Fri, 08 Mar 2013 19:43:53 -0800

 Would it be sufficient and portable to just change the scanf
 format string to "0x%x" ?

 Darrin

 > --- orig.c      2013-01-17 16:37:24.000000000 +0100
 > +++ choparp.c   2013-01-17 16:38:07.000000000 +0100
 > @@ -349,13 +349,14 @@
 >  int
 >  atoip(char *buf, u_int32_t *ip_addr){
 >      u_int      i0, i1, i2, i3;
 > +    long       l;
 > 
 >  
 >      if (sscanf(buf, "%u.%u.%u.%u", &i0, &i1, &i2, &i3) == 4){
 >         *ip_addr = (i0 << 24) + (i1 << 16) + (i2 << 8) + i3;
 >         return(0);
 >      }
 > -    if (sscanf(buf, "0x%lx", ip_addr) == 1)
 > -       return(0);
 > +    if (sscanf(buf, "0x%lx", &l) == 1)
 > +       { *ip_addr = 0; return(0); }
 > 
 >  
 >      return(-1);        
 >  }
 > 
 > 
 >  We may discuss if the sscanf() at this location should be eliminated and replaced
 >  by something else - e.g. strtoul().
 >  But then we remove the enforcement for an hex-number too.
 > 

From: Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: dbj@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse comamnd line
Date: Mon, 11 Mar 2013 09:13:34 +0100

 Hi,

 this depends on the question if there are any (or will be any) 
 Architektures now or in the future where an "int" will be larger than 
 32bit (or u_int32_t).
 There is a general problem with the C-lib printf/scanf function on data 
 types with explicit size information.

 Some operating systems have special definitions in a headerfile for this 
 purpose - on NetBSD it is /usr/include/machine/int_fmtio.h, but on other 
 sOS this file has a diffferent name or is completely missing.
 The best way would be to use these macros, but I don't know a portable 
 way (for pkgsrc) to get them for all supported operationg systems.

 This is the reason way I choose a "long int" that is known to be at 
 least 32 bit on all architectures as far as I know.

 W. Stukenbrock


 Darrin B. Jewell wrote:

 > The following reply was made to PR pkg/47462; it has been noted by GNATS.
 > 
 > From: "Darrin B. Jewell" <dbj@netbsd.org>
 > To: gnats-bugs@netbsd.org
 > Cc: "Darrin B. Jewell" <dbj@netbsd.org>,
 >         Wolfgang Stukenbrock <wolfgang.stukenbrock@nagler-company.com>
 > Subject: Re: pkg/47462: net/choparp on 64-Bit will fail to parse comamnd line
 > Date: Fri, 08 Mar 2013 19:43:53 -0800
 > 
 >  Would it be sufficient and portable to just change the scanf
 >  format string to "0x%x" ?
 >  
 >  Darrin
 >  
 >  > --- orig.c      2013-01-17 16:37:24.000000000 +0100
 >  > +++ choparp.c   2013-01-17 16:38:07.000000000 +0100
 >  > @@ -349,13 +349,14 @@
 >  >  int
 >  >  atoip(char *buf, u_int32_t *ip_addr){
 >  >      u_int      i0, i1, i2, i3;
 >  > +    long       l;
 >  > 
 >  >  
 >  >      if (sscanf(buf, "%u.%u.%u.%u", &i0, &i1, &i2, &i3) == 4){
 >  >         *ip_addr = (i0 << 24) + (i1 << 16) + (i2 << 8) + i3;
 >  >         return(0);
 >  >      }
 >  > -    if (sscanf(buf, "0x%lx", ip_addr) == 1)
 >  > -       return(0);
 >  > +    if (sscanf(buf, "0x%lx", &l) == 1)
 >  > +       { *ip_addr = 0; return(0); }
 >  > 
 >  >  
 >  >      return(-1);        
 >  >  }
 >  > 
 >  > 
 >  >  We may discuss if the sscanf() at this location should be eliminated and replaced
 >  >  by something else - e.g. strtoul().
 >  >  But then we remove the enforcement for an hex-number too.
 >  > 
 >  
 > 
 > 


 -- 


 Dr. Nagler & Company GmbH
 Hauptstraße 9
 92253 Schnaittenbach

 Tel. +49 9622/71 97-42
 Fax +49 9622/71 97-50

 Wolfgang.Stukenbrock@nagler-company.com
 http://www.nagler-company.com


 Hauptsitz: Schnaittenbach
 Handelregister: Amberg HRB
 Gerichtsstand: Amberg
 Steuernummer: 201/118/51825
 USt.-ID-Nummer: DE 273143997
 Geschäftsführer: Dr. Martin Nagler, Prof. Dr. Dr. Karl-Kuno Kunze


Responsible-Changed-From-To: dbj->joerg
Responsible-Changed-By: dbj@NetBSD.org
Responsible-Changed-When: Sun, 15 Sep 2013 17:56:38 +0000
Responsible-Changed-Why:
I think joerg pushed a fix for this recently.

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.