Skip Menu |

This queue is for tickets about the Authen-TacacsPlus CPAN distribution.

Report information
The Basics
Id: 79114
Status: resolved
Worked: 30 min
Priority: 0/
Queue: Authen-TacacsPlus
People
Owner: MIKEM [...] cpan.org
Requestors: gregoa [...] debian.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue Aug 21 10:57:41 2012 gregoa [...] cpan.org - Ticket created
From: gregoa [...] cpan.org
Subject: libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
This bug has been forwarded from http://bugs.debian.org/685503 Package: libauthen-tacacsplus-perl Version: 0.22-1 Severity: important Perl segfaults when Authen::Tacacs->authen() doesn't get a response from the server. Program received signal SIGSEGV, Segmentation fault. make_auth (username=username@entry=0x7ffff7ba3f57 "", user_len=0, password=0x7ffff7ba3f57 "", password_len=0, authen_type=authen_type@entry=1) at tac_client.c:108 108 switch (ar->status) { (gdb) l 103 send_data(buf,buf_len,tac_fd); 104 free(buf); 105 while ((data_len=read_reply(&data))!=-1){ 106 107 ar=data; 108 switch (ar->status) { 109 case TAC_PLUS_AUTHEN_STATUS_GETUSER: 110 free(data); 111 send_auth_cont(username, user_len); 112 break; (gdb) p ar $1 = (struct authen_reply *) 0x0 (gdb) p data $2 = (void *) 0x0 (gdb) bt #0 make_auth (username=username@entry=0x7ffff7ba3f57 "", user_len=0, password=0x7ffff7ba3f57 "", password_len=0, authen_type=authen_type@entry=1) at tac_client.c:108 #1 0x00007ffff6bf883e in XS_Authen__TacacsPlus_make_auth (my_perl=<optimized out>, cv=<optimized out>) at TacacsPlus.xs:128 #2 0x00007ffff7b1545c in Perl_pp_entersub () from /usr/lib/libperl.so.5.14 #3 0x00007ffff7b0c9b6 in Perl_runops_standard () from /usr/lib/libperl.so.5.14 #4 0x00007ffff7aae585 in perl_run () from /usr/lib/libperl.so.5.14 #5 0x0000000000400f89 in main () -- System Information: Debian Release: wheezy/sid APT prefers stable-updates APT policy: (700, 'stable-updates'), (700, 'stable'), (500, 'testing'), (200, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libauthen-tacacsplus-perl depends on: ii libc6 2.13-35 ii perl 5.14.2-12 ii perl-base [perlapi-5.14.2] 5.14.2-12 libauthen-tacacsplus-perl recommends no packages. libauthen-tacacsplus-perl suggests no packages. -- no debconf information Thanks in advance, gregor herrmann, Debian Perl Group
  Wed Aug 22 07:32:10 2012 mikem [...] open.com.au - Correspondence added
Subject: Re: [rt.cpan.org #79114] libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Date: Wed, 22 Aug 2012 21:32:51 +1000
To: bug-Authen-TacacsPlus [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hi, thanks for the report. What OS are you testing on? I know it Wheeze/sid, but 32 or 64 bit? How did you reproduce this problem? Cheers. On Tuesday, August 21, 2012 10:57:42 AM you wrote: Show quoted text
> Tue Aug 21 10:57:41 2012: Request 79114 was acted upon. > Transaction: Ticket created by GREGOA > Queue: Authen-TacacsPlus > Subject: libauthen-tacacsplus-perl: segfaults when Tacacs server > doesn't answer > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: gregoa@debian.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=79114 > > > > This bug has been forwarded from http://bugs.debian.org/685503 > > > Package: libauthen-tacacsplus-perl > Version: 0.22-1 > Severity: important > > Perl segfaults when Authen::Tacacs->authen() doesn't get a response from the > server. > > Program received signal SIGSEGV, Segmentation fault. > make_auth (username=username@entry=0x7ffff7ba3f57 "", user_len=0, > password=0x7ffff7ba3f57 "", password_len=0, > authen_type=authen_type@entry=1) at tac_client.c:108 108 switch > (ar->status) { > (gdb) l > 103 send_data(buf,buf_len,tac_fd); > 104 free(buf); > 105 while ((data_len=read_reply(&data))!=-1){ > 106 > 107 ar=data; > 108 switch (ar->status) { > 109 case TAC_PLUS_AUTHEN_STATUS_GETUSER: > 110 free(data); > 111 send_auth_cont(username, user_len); > 112 break; > (gdb) p ar > $1 = (struct authen_reply *) 0x0 > (gdb) p data > $2 = (void *) 0x0 > (gdb) bt > #0 make_auth (username=username@entry=0x7ffff7ba3f57 "", user_len=0, > password=0x7ffff7ba3f57 "", password_len=0, > authen_type=authen_type@entry=1) at tac_client.c:108 #1 0x00007ffff6bf883e > in XS_Authen__TacacsPlus_make_auth (my_perl=<optimized out>, cv=<optimized
> out>) at TacacsPlus.xs:128
> #2 0x00007ffff7b1545c in Perl_pp_entersub () from /usr/lib/libperl.so.5.14 > #3 0x00007ffff7b0c9b6 in Perl_runops_standard () from > /usr/lib/libperl.so.5.14 #4 0x00007ffff7aae585 in perl_run () from > /usr/lib/libperl.so.5.14 #5 0x0000000000400f89 in main () > > > -- System Information: > Debian Release: wheezy/sid > APT prefers stable-updates > APT policy: (700, 'stable-updates'), (700, 'stable'), (500, 'testing'), > (200, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) > > Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages libauthen-tacacsplus-perl depends on: > ii libc6 2.13-35 > ii perl 5.14.2-12 > ii perl-base [perlapi-5.14.2] 5.14.2-12 > > libauthen-tacacsplus-perl recommends no packages. > > libauthen-tacacsplus-perl suggests no packages. > > -- no debconf information > > > > Thanks in advance, > gregor herrmann, Debian Perl Group
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
  Wed Aug 22 07:32:11 2012 The RT System itself - Status changed from 'new' to 'open'
  Wed Aug 22 08:27:09 2012 gregoa [...] debian.org - Correspondence added
CC: 685503-submitter [...] bugs.debian.org
Subject: Re: [rt.cpan.org #79114] libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Date: Wed, 22 Aug 2012 14:26:50 +0200
To: "mikem [...] open.com.au via RT" <bug-Authen-TacacsPlus [...] rt.cpan.org>
From: gregor herrmann <gregoa [...] debian.org>
On Wed, 22 Aug 2012 07:32:11 -0400, mikem@open.com.au via RT wrote: Show quoted text
> thanks for the report.
Thanks for your quick reply! Show quoted text
> What OS are you testing on?
Debian GNU/Linux. Show quoted text
> I know it Wheeze/sid, but 32 or 64 bit?
That's hidden in the footer of the original bug report: | Architecture: amd64 (x86_64) | Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores) | perl 5.14.2-12 Show quoted text
> How did > you reproduce this problem?
I didn't, I just forwarded the original bug report :) Let's ask the submitter (cc'ed): Daniel, can you provide a bit more info, e.g. a minimal test case? Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- BOFH excuse #132: SCSI Chain overterminated
  Wed Aug 22 09:47:58 2012 daniel [...] lbe.rs - Correspondence added
CC: "mikem [...] open.com.au via RT" <bug-Authen-TacacsPlus [...] rt.cpan.org>, 685503-submitter [...] bugs.debian.org
Subject: Re: Bug#685503: [rt.cpan.org #79114] libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Date: Wed, 22 Aug 2012 13:47:39 +0000
To: gregor herrmann <gregoa [...] debian.org>, 685503-quiet [...] bugs.debian.org
From: Daniel Albers <daniel [...] lbe.rs>
On Wed, 22 Aug 2012 gregor herrmann <gregoa@debian.org> wrote: Show quoted text
> On Wed, 22 Aug 2012 07:32:11 -0400, mikem@open.com.au via RT wrote:
>> How did >> you reproduce this problem?
> > I didn't, I just forwarded the original bug report :) > > Let's ask the submitter (cc'ed): > Daniel, can you provide a bit more info, e.g. a minimal test case?
Sure - after taking a closer look, the problem seems reproducable when using an incorrect key for communication with a Cisco ACS 5.1 server. What's happening is: - ACS SYN/ACKs the TCP connection - client sends TACACS+ Authentication Query - ACS ACKs, internally logs an error due to incorrect key - ACS FIN-closes the TCP connection without sending a TACACS+ Response - perl segfaults $ perl -Mstrict -MAuthen::TacacsPlus -we'Authen::TacacsPlus->new(Host => q/acs/, Key => q/incorrectkey/)->authen(q/a/, q/b/);' Segmentation fault Cheers, Daniel
  Thu Aug 23 03:27:55 2012 mikem [...] open.com.au - Correspondence added
Subject: Re: Bug#685503: [rt.cpan.org #79114] libauthen-tacacsplus-perl: segfaults when Tacacs server doesn't answer
Date: Thu, 23 Aug 2012 17:28:45 +1000
To: bug-Authen-TacacsPlus [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hi, thanks for reporting this. Updated Authen-TacacsPlus and uploaded 0.23 to CPAN: 0.23 Wed Aug 23, 2012 Mike McCauley - Fixed problems in low level read_data() function triggered when an incorrect key is used with some Tacacs+ servers, resulting in a 0-length read(), causing a seg fault on some platforms, and a very slow exit on others. This problem appears to have been in tac_client ever since I inherited this library. Cheers. On Wednesday, August 22, 2012 09:47:59 AM you wrote: Show quoted text
> Queue: Authen-TacacsPlus > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=79114 > > > On Wed, 22 Aug 2012 gregor herrmann <gregoa@debian.org> wrote:
> > On Wed, 22 Aug 2012 07:32:11 -0400, mikem@open.com.au via RT wrote:
> >> How did > >> you reproduce this problem?
> > > > I didn't, I just forwarded the original bug report :) > > > > Let's ask the submitter (cc'ed): > > Daniel, can you provide a bit more info, e.g. a minimal test case?
> > Sure - after taking a closer look, the problem seems reproducable when > using an incorrect key for communication with a Cisco ACS 5.1 server. > > What's happening is: > - ACS SYN/ACKs the TCP connection > - client sends TACACS+ Authentication Query > - ACS ACKs, internally logs an error due to incorrect key > - ACS FIN-closes the TCP connection without sending a TACACS+ Response > - perl segfaults > > $ perl -Mstrict -MAuthen::TacacsPlus -we'Authen::TacacsPlus->new(Host > => q/acs/, Key => q/incorrectkey/)->authen(q/a/, q/b/);' > Segmentation fault > > Cheers, Daniel
-- Mike McCauley mikem@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
  Thu Feb 07 21:05:43 2013 MIKEM [...] cpan.org - TimeWorked changed from (no value) to '30'
  Thu Feb 07 21:05:43 2013 MIKEM [...] cpan.org - Status changed from 'open' to 'resolved'
  Thu Feb 07 21:05:44 2013 MIKEM [...] cpan.org - Given to MIKEM