| CC: | tazervas [...] earthlink.net |
| Subject: | Valid or invalid passwords longer than 29 characters cause perl to abort |
| Date: | Fri, 26 Aug 2011 06:25:14 -0700 (GMT-07:00) |
| To: | bug-Filesys-SmbClient [...] rt.cpan.org |
| From: | Todd Zervas <tazervas [...] earthlink.net> |
Valid or invalid passwords longer than 29 characters cause perl to abort with a buffer overflow. This may turn out to be a security bug.
*** buffer overflow detected ***: /usr/bin/perl terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x3cf16e807f]
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/auto/Filesys/SmbClient/SmbClient.so(set_fn+0x39)[0x2b9661c04a29]
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/auto/Filesys/SmbClient/SmbClient.so(XS_Filesys__SmbClient__init+0x1d2)[0x2b9661c0ad72]
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so(Perl_pp_entersub+0x3f6)[0x3cf3690aa6]
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so(Perl_runops_standard+0xe)[0x3cf368a34e]
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so(perl_run+0x30a)[0x3cf363808a]
/usr/bin/perl(main+0xfc)[0x4017bc]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3cf161d994]
/usr/bin/perl[0x401609]
Version: Filesys-SmbClient-3.1
For perl v5.8.8 built for x86_64-linux-thread-multi
Linux fqdn 2.6.18-274.el5 #1 SMP Fri Jul 8 17:36:59 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
Sample code which will cause this bug to appear:
#!/usr/bin/perl -w
use strict;
use warnings;
use integer;
use Filesys::SmbClient;
my $smb = new Filesys::SmbClient(
username => 'username',
password => '123456789012345678901234567890',
workgroup => 'workgroup'
);
my $dirh = $smb->opendir('smb://server/share');
die "$!\n" unless $dirh;
foreach my $direntry ( $smb->readdir_struct($dirh) )
{
print $$direntry[1], "\n";
}
$smb->closedir($dirh);