Article delegate-en/4088 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4087@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en
[DeleGate-En] Re: VStr overflow in Xstrcpy and TIME_WAIT state
22 Aug 2008 13:08:49 GMT "Jean Aumont" <pvahqbdyi-aipiireovalr.ml@ml.delegate.org> 

 Hi Yutaka,

Thanks a lot for the info.
I will try the patch.

Jean Aumont

-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Friday, August 22, 2008 12:38 AM
To: feedback@delegate.org
Cc: Jean Aumont
Subject: Re: [DeleGate-En] VStr overflow in Xstrcpy and TIME_WAIT state

Hi,

In message
<_A4086@delegate-en.ML_> on
08/22/08(06:55:54) you "Jean Aumont" <pvahqbdyi-aipiireovalr.ml@ml.delegate.org> wrote:
 |Regarding the Question 1: Is this normal to see "VStr overflow in
|Xstrcpy" in the ERRORLOG file ?
 |
 |In my configuration file there is nothing longer than about 100
|characters, so I do not think that this is the problem.
 |
 |But regarding the logs, I see always the same pattern:

Even if your input parameter is short, it might be expanded internally
by DeleGate, and the result is reported in the LOGFILE.  For example, a
password string for -list{user:pass} in AUTHORIZER is hashed into a
MD5 string which can be far longer than the original string as follows:

  AUTHORIZER="-list{1:1,2:2,3:3,4:4,5:5,6:6,7:7}"

LOGFILE:
  **** Encrypt it as
AUTHORIZER=-list{1:MD5:c4ca4238a0b923820dcc509a6f75849b,2:MD5:c81e728d9d
4c2f636f067f89cc14862c,3:MD5:eccbc87e4b5ce2fe28308fd9f2a7baf3,4:MD5:a87f
f679a2f3e71d9181a67b7542122c,5:MD5:e4da3b7fbbce2345d7772b0674a318d5,6:MD
5:1679091c5a880faf6fb5e6087eb1b2dc,7:MD5:8f14e45fceea167a5a36dedd4bea254
3}
  ...
  08/22 13:27:33.00 [23973] 0+0: arg[4]
AUTHORIZER=-list{1:MD5:c4ca4238a0b923820dcc509a6f75849b,2:MD5:c81e728d9d
4c2f636f067f89cc14862c,3:MD5:eccbc87e4b5ce2fe28308fd9f2a7baf3,4:MD5:a87f
f679a2f3e71d9181a67b7542122c,5:MD5:e4da3b7fbbce2345d7772b0674a318d5,6:MD
5:1679091c5a880faf6fb5e6087eb1b2dc,7:MD5:8f14e45fceea167a5a36dedd4bea254
3}

With this example, I can reproduce the "VStr overflow in Xstrcpy" in the
authentication procedure of DeleGate.
Since the restriction by 256bytes (MaxHostNameLen) is not an intended
limitation, it will be fixed as the enclosed patch in the next release
(9.8.5-pre6).

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** dist/src/delegate9.8.4-pre5/src/access.c	Thu Jul 31 20:11:30 2008
--- ./src/access.c	Fri Aug 22 13:23:11 2008
***************
*** 1628,1634 ****
--- 1628,1637 ----
  	return wa;
  }
  int CTX_withAuth(Connection *Conn){
+ 	/*
  	CStr(authserv,MaxHostNameLen);
+ 	*/
+ 	CStr(authserv,MaxAuthServLen);
  	if( getMountAuthorizer(Conn,AVStr(authserv),sizeof(authserv)) ){
  		return 1;
  	}else
***************
*** 1657,1663 ****
--- 1660,1669 ----
  }
  int doAuthX(Connection *Conn,AuthInfo *ident)
  {	int rcode;
+ 	/*
  	CStr(authserv,MaxHostNameLen);
+ 	*/
+ 	CStr(authserv,MaxAuthServLen);
  	CStr(userpass,256);
  	const char *dp;
  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V