Hylafax Mailing List Archives

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

HylaFax bug in SNPPserver




  I have hylafax-v4.0pl1 on a RedHat 4.1 Linux box.  I'm trying to
sendpage from a remote machine.  The hfaxd SEGVs on me.  When using
sendpage from a local machine, it works just fine.

  Using my netpipes utilities and the wonderful GDB attach feature, I
managed to nail the segment of code that is misbehaving:

Program received signal SIGSEGV, Segmentation fault.
0x806be56 in SNPPServer::loginCmd (this=0x80be6b8, loginID=0x80ba8f0 "thoth", 
    pass=0x0) at SNPPServer.c++:993
993                 if (pass[0] == '\0' || !streq(crypt(pass, passwd), passwd)) 

  As you can see from the GDB stack dump, pass == 0, so dereferencing it
will cause most OSs to SEGV (excepting the really wacky ones who map it
to a NUL character).  Add a check to ensure that pass is non-0 .

  This bug will not be exercised if the user is authorized to use the
service without a password.  Since I hadn't configured my etc/hosts
properly, I suffered this bug.

-- 
Bob Forsman                                   thoth@gainesville.fl.us
           http://www.gainesville.fl.us/~thoth/



Home
Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services