Bug 14844

Summary: rwhod is remotely crashable
Product: Base System Reporter: xaa <xaa>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description xaa 1999-11-12 16:30:01 UTC 
	Sending a too short rwho package to a little-endian machine
	will result in a SIGBUS, crashing rwhod

Fix: Apply diff to current en stable
How-To-Repeat: 
	Take rwhod's code for sending rwho packages, but instead of the
	correct length (in the variable cc in line ~470), send e.g. 48.
	In the code for littl-endian machines the length of the
	user-list is calculated by:
	    (cc-WHDRSIZE)/sizeof(struct whoent)
	which, due to the sizeof(), returns an unsigned int, which
	results in a wrong loop a few lines later on)
	The patch below will just drop a short package and log it
Comment 1 iedowse freebsd_committer freebsd_triage 2000-12-22 22:03:09 UTC 
State Changed
From-To: open->closed

Fixed in revision 1.15 of src/usr.sbin/rwhod/rwhod.c using a slightly 
different patch. I will merge to RELENG_4 in a few days. Thanks 
for the bug report!