Skip Menu |
 

This queue is for tickets about the Authen-TacacsPlus CPAN distribution.

Report information
The Basics
Id: 79114
Status: resolved
Worked: 30 min
Priority: 0/
Queue: Authen-TacacsPlus

People
Owner: MIKEM [...] cpan.org
Requestors: gregoa [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From: gregoa [...] cpan.org
Subject: libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Download (untitled) / with headers
text/plain 2.1k
This bug has been forwarded from http://bugs.debian.org/685503 Package: libauthen-tacacsplus-perl Version: 0.22-1 Severity: important Perl segfaults when Authen::Tacacs->authen() doesn't get a response from the server. Program received signal SIGSEGV, Segmentation fault. make_auth (username=username@entry=0x7ffff7ba3f57 "", user_len=0, password=0x7ffff7ba3f57 "", password_len=0, authen_type=authen_type@entry=1) at tac_client.c:108 108 switch (ar->status) { (gdb) l 103 send_data(buf,buf_len,tac_fd); 104 free(buf); 105 while ((data_len=read_reply(&data))!=-1){ 106 107 ar=data; 108 switch (ar->status) { 109 case TAC_PLUS_AUTHEN_STATUS_GETUSER: 110 free(data); 111 send_auth_cont(username, user_len); 112 break; (gdb) p ar $1 = (struct authen_reply *) 0x0 (gdb) p data $2 = (void *) 0x0 (gdb) bt #0 make_auth (username=username@entry=0x7ffff7ba3f57 "", user_len=0, password=0x7ffff7ba3f57 "", password_len=0, authen_type=authen_type@entry=1) at tac_client.c:108 #1 0x00007ffff6bf883e in XS_Authen__TacacsPlus_make_auth (my_perl=<optimized out>, cv=<optimized out>) at TacacsPlus.xs:128 #2 0x00007ffff7b1545c in Perl_pp_entersub () from /usr/lib/libperl.so.5.14 #3 0x00007ffff7b0c9b6 in Perl_runops_standard () from /usr/lib/libperl.so.5.14 #4 0x00007ffff7aae585 in perl_run () from /usr/lib/libperl.so.5.14 #5 0x0000000000400f89 in main () -- System Information: Debian Release: wheezy/sid APT prefers stable-updates APT policy: (700, 'stable-updates'), (700, 'stable'), (500, 'testing'), (200, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libauthen-tacacsplus-perl depends on: ii libc6 2.13-35 ii perl 5.14.2-12 ii perl-base [perlapi-5.14.2] 5.14.2-12 libauthen-tacacsplus-perl recommends no packages. libauthen-tacacsplus-perl suggests no packages. -- no debconf information Thanks in advance, gregor herrmann, Debian Perl Group
Subject: Re: [rt.cpan.org #79114] libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Date: Wed, 22 Aug 2012 21:32:51 +1000
To: bug-Authen-TacacsPlus [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 3.4k
Hi, thanks for the report. What OS are you testing on? I know it Wheeze/sid, but 32 or 64 bit? How did you reproduce this problem? Cheers. On Tuesday, August 21, 2012 10:57:42 AM you wrote: Show quoted text
> Tue Aug 21 10:57:41 2012: Request 79114 was acted upon. > Transaction: Ticket created by GREGOA > Queue: Authen-TacacsPlus > Subject: libauthen-tacacsplus-perl: segfaults when Tacacs server > doesn't answer > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: gregoa@debian.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=79114 > > > > This bug has been forwarded from http://bugs.debian.org/685503 > > > Package: libauthen-tacacsplus-perl > Version: 0.22-1 > Severity: important > > Perl segfaults when Authen::Tacacs->authen() doesn't get a response from the > server. > > Program received signal SIGSEGV, Segmentation fault. > make_auth (username=username@entry=0x7ffff7ba3f57 "", user_len=0, > password=0x7ffff7ba3f57 "", password_len=0, > authen_type=authen_type@entry=1) at tac_client.c:108 108 switch > (ar->status) { > (gdb) l > 103 send_data(buf,buf_len,tac_fd); > 104 free(buf); > 105 while ((data_len=read_reply(&data))!=-1){ > 106 > 107 ar=data; > 108 switch (ar->status) { > 109 case TAC_PLUS_AUTHEN_STATUS_GETUSER: > 110 free(data); > 111 send_auth_cont(username, user_len); > 112 break; > (gdb) p ar > $1 = (struct authen_reply *) 0x0 > (gdb) p data > $2 = (void *) 0x0 > (gdb) bt > #0 make_auth (username=username@entry=0x7ffff7ba3f57 "", user_len=0, > password=0x7ffff7ba3f57 "", password_len=0, > authen_type=authen_type@entry=1) at tac_client.c:108 #1 0x00007ffff6bf883e > in XS_Authen__TacacsPlus_make_auth (my_perl=<optimized out>, cv=<optimized
> out>) at TacacsPlus.xs:128
> #2 0x00007ffff7b1545c in Perl_pp_entersub () from /usr/lib/libperl.so.5.14 > #3 0x00007ffff7b0c9b6 in Perl_runops_standard () from > /usr/lib/libperl.so.5.14 #4 0x00007ffff7aae585 in perl_run () from > /usr/lib/libperl.so.5.14 #5 0x0000000000400f89 in main () > > > -- System Information: > Debian Release: wheezy/sid > APT prefers stable-updates > APT policy: (700, 'stable-updates'), (700, 'stable'), (500, 'testing'), > (200, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) > > Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages libauthen-tacacsplus-perl depends on: > ii libc6 2.13-35 > ii perl 5.14.2-12 > ii perl-base [perlapi-5.14.2] 5.14.2-12 > > libauthen-tacacsplus-perl recommends no packages. > > libauthen-tacacsplus-perl suggests no packages. > > -- no debconf information > > > > Thanks in advance, > gregor herrmann, Debian Perl Group
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
CC: 685503-submitter [...] bugs.debian.org
Subject: Re: [rt.cpan.org #79114] libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Date: Wed, 22 Aug 2012 14:26:50 +0200
To: "mikem [...] open.com.au via RT" <bug-Authen-TacacsPlus [...] rt.cpan.org>
From: gregor herrmann <gregoa [...] debian.org>
Download (untitled) / with headers
text/plain 891b
On Wed, 22 Aug 2012 07:32:11 -0400, mikem@open.com.au via RT wrote: Show quoted text
> thanks for the report.
Thanks for your quick reply! Show quoted text
> What OS are you testing on?
Debian GNU/Linux. Show quoted text
> I know it Wheeze/sid, but 32 or 64 bit?
That's hidden in the footer of the original bug report: | Architecture: amd64 (x86_64) | Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores) | perl 5.14.2-12 Show quoted text
> How did > you reproduce this problem?
I didn't, I just forwarded the original bug report :) Let's ask the submitter (cc'ed): Daniel, can you provide a bit more info, e.g. a minimal test case? Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- BOFH excuse #132: SCSI Chain overterminated
CC: "mikem [...] open.com.au via RT" <bug-Authen-TacacsPlus [...] rt.cpan.org>, 685503-submitter [...] bugs.debian.org
Subject: Re: Bug#685503: [rt.cpan.org #79114] libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Date: Wed, 22 Aug 2012 13:47:39 +0000
To: gregor herrmann <gregoa [...] debian.org>, 685503-quiet [...] bugs.debian.org
From: Daniel Albers <daniel [...] lbe.rs>
Download (untitled) / with headers
text/plain 895b
On Wed, 22 Aug 2012 gregor herrmann <gregoa@debian.org> wrote: Show quoted text
> On Wed, 22 Aug 2012 07:32:11 -0400, mikem@open.com.au via RT wrote:
>> How did >> you reproduce this problem?
> > I didn't, I just forwarded the original bug report :) > > Let's ask the submitter (cc'ed): > Daniel, can you provide a bit more info, e.g. a minimal test case?
Sure - after taking a closer look, the problem seems reproducable when using an incorrect key for communication with a Cisco ACS 5.1 server. What's happening is: - ACS SYN/ACKs the TCP connection - client sends TACACS+ Authentication Query - ACS ACKs, internally logs an error due to incorrect key - ACS FIN-closes the TCP connection without sending a TACACS+ Response - perl segfaults $ perl -Mstrict -MAuthen::TacacsPlus -we'Authen::TacacsPlus->new(Host => q/acs/, Key => q/incorrectkey/)->authen(q/a/, q/b/);' Segmentation fault Cheers, Daniel
Subject: Re: Bug#685503: [rt.cpan.org #79114] libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Date: Thu, 23 Aug 2012 17:28:45 +1000
To: bug-Authen-TacacsPlus [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Download (untitled) / with headers
text/plain 2.1k
Hi, thanks for reporting this. Updated Authen-TacacsPlus and uploaded 0.23 to CPAN: 0.23 Wed Aug 23, 2012 Mike McCauley - Fixed problems in low level read_data() function triggered when an incorrect key is used with some Tacacs+ servers, resulting in a 0-length read(), causing a seg fault on some platforms, and a very slow exit on others. This problem appears to have been in tac_client ever since I inherited this library. Cheers. On Wednesday, August 22, 2012 09:47:59 AM you wrote: Show quoted text
> Queue: Authen-TacacsPlus > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=79114 > > > On Wed, 22 Aug 2012 gregor herrmann <gregoa@debian.org> wrote:
> > On Wed, 22 Aug 2012 07:32:11 -0400, mikem@open.com.au via RT wrote:
> >> How did > >> you reproduce this problem?
> > > > I didn't, I just forwarded the original bug report :) > > > > Let's ask the submitter (cc'ed): > > Daniel, can you provide a bit more info, e.g. a minimal test case?
> > Sure - after taking a closer look, the problem seems reproducable when > using an incorrect key for communication with a Cisco ACS 5.1 server. > > What's happening is: > - ACS SYN/ACKs the TCP connection > - client sends TACACS+ Authentication Query > - ACS ACKs, internally logs an error due to incorrect key > - ACS FIN-closes the TCP connection without sending a TACACS+ Response > - perl segfaults > > $ perl -Mstrict -MAuthen::TacacsPlus -we'Authen::TacacsPlus->new(Host > => q/acs/, Key => q/incorrectkey/)->authen(q/a/, q/b/);' > Segmentation fault > > Cheers, Daniel
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.