[Pkg-dspam-misc] BUGREPORT: Weird user name comparison bug 3.6.8 ?

Flavien Lebarbe flavien-dspam at lebarbe.net
Thu Jul 3 15:14:38 UTC 2008


Hi,



I'm using dspam 3.6.8-5etch1 from Debian etch on amd64. I just got
the same problem that was reported last year by Tim Small to the
dspam mailing-list but got no answer so far:
http://www.mail-archive.com/dspam-dev@lists.nuclearelephant.com/msg00086.html

This is a bug that has been fixed (two years ago) in version 1.71 of
agent_shared.c.

For the record (googlers love those), the problem in 1.70 is that
the AGENT_CTX ATX is initialised this way:

    int initialize_atx(AGENT_CTX *ATX) {
    [...]
    char buf[1024];   /* local to initialize_atx(): gone once it returns */
    [...]
    /* the strings in ATX->pwbuf (pw_name, ...) are stored in buf */
    getpwuid_r(getuid(), &ATX->pwbuf, buf, sizeof(buf), &ATX->p);
    [...]
    }

Then, in order to check the --user option, the code uses ATX->pw_name.
However, as shown previously, it points to a buffer on the stack.
Oops!

It does not seem to crash on i386 (luck! I've been using this code on a
production machine for a long time!) but I bumped into it on amd64
(Debian etch), as did the previous reporter.

In my case, I can afford removing the --user XXX option, so the
bug is not triggered. I'll do that. Other users might want to
upgrade. :o)


Flavien.
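
Added example, not part of the original message and not dspam's code: one way to keep the `getpwuid_r()` string storage alive for as long as the context that points into it, so a later `--user` comparison reads valid memory. The `agent_ctx` type, its `strbuf` fields and the `ctx_*` function names are hypothetical, and the heap buffer is an assumption about how to fix the lifetime, not a description of the change made in 1.71.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical context modelled on the fields named in the post (pwbuf, p). */
typedef struct {
    struct passwd pwbuf;  /* filled in by getpwuid_r() */
    struct passwd *p;     /* &pwbuf on success, NULL otherwise */
    char *strbuf;         /* added: backs pw_name, pw_dir, ... while ctx lives */
    size_t strbuf_len;
} agent_ctx;

/* Look up uid; the string storage is owned by ctx, not by this stack frame. */
int ctx_init(agent_ctx *ctx, uid_t uid) {
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    memset(ctx, 0, sizeof(*ctx));
    ctx->strbuf_len = hint > 0 ? (size_t)hint : 1024;
    ctx->strbuf = malloc(ctx->strbuf_len);
    if (ctx->strbuf != NULL &&
        getpwuid_r(uid, &ctx->pwbuf, ctx->strbuf, ctx->strbuf_len, &ctx->p) == 0 &&
        ctx->p != NULL)
        return 0;
    free(ctx->strbuf);    /* lookup failed: leave no dangling pointers behind */
    memset(ctx, 0, sizeof(*ctx));
    return -1;
}

/* 1 if pw_name points into storage the context owns, 0 otherwise. */
int ctx_name_is_owned(const agent_ctx *ctx) {
    uintptr_t lo = (uintptr_t)ctx->strbuf;
    uintptr_t n = ctx->p ? (uintptr_t)ctx->p->pw_name : 0;
    return ctx->p != NULL && n >= lo && n < lo + ctx->strbuf_len;
}

/* The --user comparison: safe to call long after ctx_init() has returned. */
int ctx_user_matches(const agent_ctx *ctx, const char *user) {
    return ctx->p != NULL && strcmp(ctx->p->pw_name, user) == 0;
}

void ctx_free(agent_ctx *ctx) {
    free(ctx->strbuf);
    memset(ctx, 0, sizeof(*ctx));
}
```

Building the original pattern with AddressSanitizer and `-fsanitize-address-use-after-return=runtime` (Clang) or running it under Valgrind is a practical way to catch this class of stale stack pointer before it shows up on only one architecture.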


