mdnsd will crash on some systems with a corrupt stack and once that's fixed it will still leak a file descriptor when parsing resolv.conf. The crash is because scanf is used with %10s for a buffer that is only 10 chars long. The buffer size needs to be increased to 11 chars to hold the trailing NUL. To fix the leak, an fclose needs to be added.

Fix: Apply attached patch in mDNSPosix. Patch attached with submission follows:

How-To-Repeat: Run mdnsd on an unlucky system.
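The two fixes described in the report above, shown as an added example that is not the attached patch or mDNSResponder's own code: a hypothetical `count_nameservers` helper reads resolv.conf-style lines with `%10s` into an 11-byte buffer and closes the file before returning. The helper names, the temporary file path and the sample file contents are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>
/* Hypothetical helper (not mDNSResponder code): count "nameserver" lines. */
int count_nameservers(const char *path)
{
    char line[256];
    char keyword[11];  /* "%10s" stores up to 10 chars plus a NUL: 11 bytes */
    char server[16];   /* "%15s" stores up to 15 chars plus a NUL: 16 bytes */
    int n = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return -1;
    while (fgets(line, sizeof line, fp) != NULL) {
        if (sscanf(line, "%10s %15s", keyword, server) != 2) continue;
        if (strcasecmp(keyword, "nameserver") == 0) n++;
    }
    fclose(fp);        /* omit this and each call leaks one descriptor */
    return n;
}

/* Lowest unused descriptor number; it rises if an earlier call leaked one. */
int lowest_free_fd(void)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0) close(fd);
    return fd;
}

/* Parse a constructed resolv.conf; returns the count, or -2 on a leak. */
int demo(void)
{
    char path[] = "/tmp/resolv-sample-XXXXXX";
    int fd = mkstemp(path);
    FILE *out = (fd >= 0) ? fdopen(fd, "w") : NULL;
    if (out == NULL) return -1;
    fputs("# constructed sample input\n"
          "nameserver 192.0.2.53\n"
          "nameserver 192.0.2.54\n"
          "options-with-a-very-long-token ndots:1\n", out);
    fclose(out);
    int before = lowest_free_fd();
    int n = count_nameservers(path);
    int after = lowest_free_fd();
    unlink(path);
    return (before == after) ? n : -2;
}
int main(void) { printf("nameservers: %d\n", demo()); return 0; }
```

The keyword `nameserver` is itself exactly 10 characters, so every valid line fills the `%10s` field completely and needs the eleventh byte for the terminator.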
Responsible Changed From-To: freebsd-ports-bugs->rene Grab, superseded by ports/147657 ?
The problem report is still valid. Can you point to a CVE entry so that I can write a VuXML entry? I didn't find any entries relating to this problem at http://web.nvd.nist.gov/view/vuln/search-results?cid=3

Rene
State Changed From-To: open->feedback Waiting for CVE entry, not in the National Vulnerability Database.
rene 2010-06-27 21:14:28 UTC

FreeBSD ports repository

Modified files: security/vuxml vuln.xml

Log:
Document mDNSResponder -- corrupted stack crash when parsing bad resolv.conf

This only happens on a system where resolv.conf is writable by an untrusted user or where mdnsd is setuid and can be tricked into opening an alternate resolv.conf.

PR: ports/147007
Submitted by: jmallett@
Approved by: tabthorpe (mentor)
Feature safe: yes

Revision Changes Path
1.2174 +32 -1 ports/security/vuxml/vuln.xml

_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
rene 2010-08-01 19:12:18 UTC

FreeBSD ports repository

Modified files: net/mDNSResponder Makefile distinfo
Added files: net/mDNSResponder/files mdnsd.in patch-mDNSPosix_mDNSPosix.c
Removed files: net/mDNSResponder/files mdnsd.sh.in

Log:
- Fix a potential buffer overflow and file descriptor leak. [1]
- Update to 214.3 [2]
- Rename mdnsd.sh to mdnsd [2]
- Remove duplicate MAKE_JOBS_UNSAFE [2]
- Simplify manpage installation [2]
- Pass maintainership to submitter [2]

PR: ports/147007 [1] ports/147657 [2]
Submitted by: jmallett [1] Sunpoet Po-Chuan Hsieh [sunpoet sunpoet.net] [2]
Approved by: tabthorpe (mentor)
Security: ports/147007

Revision Changes Path
1.26 +16 -25 ports/net/mDNSResponder/Makefile
1.8 +3 -3 ports/net/mDNSResponder/distinfo
1.1 +22 -0 ports/net/mDNSResponder/files/mdnsd.in (new)
1.7 +0 -19 ports/net/mDNSResponder/files/mdnsd.sh.in (dead)
1.1 +19 -0 ports/net/mDNSResponder/files/patch-mDNSPosix_mDNSPosix.c (new)
State Changed From-To: feedback->closed Committed, thanks