|Summary:||security/oidentd: SIGSEV when a lookup arrives|
|Product:||Ports & Packages||Reporter:||nico|
|Component:||Individual Port(s)||Assignee:||Oliver Lehmann <oliver>|
|Severity:||Affects Some People||CC:||david.morgan, henrikes-fbsdbugzilla|
Description nico 2017-10-31 12:06:29 UTC
11.1-RELEASE-p2 / amd64 / IPv6 security/oidentd-2.0.8_2 from ports (IPV6=yes, didn't test without) SIGSEV's for me when a lookup arrives. root@997:~ # /usr/local/sbin/oidentd -C /usr/local/etc/oidentd.conf -di Connection from 2001:708:40:2001::f5ee:d0de:54994 Caught SIGSEGV The package version oidentd-2.0.8_2.txz works fine for me: root@997:~ # /usr/local/sbin/oidentd -C /usr/local/etc/oidentd.conf -di Connection from 2001:708:40:2001::f5ee:d0de:38756 [2001:708:40:2001::f5ee:d0de] Successful lookup: 34558 , 6697 : nico (nico) Pretty standard system, no special make.conf besides WITH_SSP_PORTS=yes
Comment 1 henrikes-fbsdbugzilla 2017-11-16 08:43:08 UTC
I've also stumbled upon this bug. IPv4 requests gets the response without issues, but IPv6 causes SIGSEGV.
Comment 2 Tobias Kortkamp 2018-03-11 14:19:27 UTC
Fix bug title and assign maintainer manually.
Comment 3 henrikes-fbsdbugzilla 2018-08-15 10:22:32 UTC
The bug is now also seen in 11.2-RELEASE after installing oidentd-2.0.8_2.txz As I am a novice, I have no clue, but if I install an older version that I found in my cache, then it works as expected. 31800 Aug 8 18:23 oidentd-2.0.8_2-5011e8b44f.txz - does not work 31996 Nov 5 2017 oidentd-2.0.8_2-e88e625fb8.txz - works
Comment 4 nico 2018-12-28 15:19:15 UTC
BTW the version 2.0.8 is VERY outdated, the project seems to be maintained at GitHub now: https://github.com/janikrabe/oidentd/releases
Comment 5 nico 2018-12-28 15:37:58 UTC
I've upgraded to 2.3.1 (+removed files/patch-*) and tried again, it works now. However dropping privs to nobody/nogroup will break it again so it has to run as root.