#15 Segfaults when parsing config file.

closed
None
5
2004-11-02
2004-03-01
L Swalas
No

When writing an incorrect rule such as /foo pnugo instead of /foo
p+n+u+g+o, aide exits with a segfault when parsing that rule.
Also, altering one of the default rules, such as trying to change the
R rule to R: p+i+n+u+g+s+m+c+sha1 instead of
p+i+n+u+g+s+m+c+md5, causes a segfault. (Changing it with an
equal sign is OK, though.)

Discussion

  • Logged In: NO

    The following patch fixes (which is to say, breaks, with two
    wrongs apparently making a right) it for me.

    Note that conftext is in fact a (char *), but something in
    the lex/yacc routines seems to be putting *conftext into
    conftext. Buffer/heap overflow? Quite probably. I'd guess
    there's a bad strcpy/strncpy/memcpy somewhere. Either that
    or something very odd is happening to the symbol table.

    Anyway, like I said, this (below) makes it work for me, even
    though it quite emphatically *shouldn't*.

    --- aide/src/conf_yacc.y 2003-08-18
    14:03:22.000000000 +0100
    +++ aide-cvs/src/conf_yacc.y 2004-03-25
    14:33:22.000000000 +0000
    @@ -309,8 +309,7 @@

    void conferror(const char *msg){
    - error(0,"%i:%s:%s\n",conf_lineno,msg,conftext);
    -
    + error(0,"%i:%s:%s\n",conf_lineno,msg, &conftext);
    }

    const char* aide_key_1=CONFHMACKEY_01;
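
    Review bot: In conferror(), the added line passes &conftext to the
    second %s of "%i:%s:%s\n", which is a type mismatch. With conftext
    declared as a char *, as the comment above says it is, &conftext is a
    char ** and %s reads the bytes of the pointer variable itself as a
    string, so the crash is hidden rather than fixed. If this really does
    print the offending token, the declaration of conftext that
    conf_yacc.y sees probably does not match how the generated lexer
    defines it (for example an array there versus a pointer here); the
    change I would suggest is to make that declaration match the lexer's
    definition and keep passing conftext unchanged. The hunk also deletes
    the blank line before the closing brace, which is unrelated to the
    fix and is better left out of the patch.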

     
    • status: open --> closed
     
  • Logged In: YES
    user_id=330646

    Fixed in CVS.

     
    • assigned_to: nobody --> rvdb