[Linux-ha-dev] Re: Bug#459804: heartbeat segfaults when using 65+ char authkey
Simon Horman
horms at verge.net.au
Tue Jan 8 19:17:19 MST 2008
On Tue, Jan 08, 2008 at 08:05:28PM +0000, Systeem Beheerder wrote:
> Package: heartbeat
> Version: 1.2.5-3
> Severity: important
>
> from my authkeys
>
> 1 sha1 1234567890123456789012345678901234567890123456789012345678901234
> 2 sha1 12345678901234567890123456789012345678901234567890123456789012345
>
> when using auth 2 I see this line in syslog
> kernel: heartbeat[4032]: segfault at 00007fff41a00000 rip 00002b246967e217 rsp 00007fff41ae29c0 error 4
> authkey 1 has no problems
>
> Marked important as I see some string defined with length 64 in lib/plugins/HBauth/sha1.c
> and AFAIK this could be used for buffer overflow attacks.
>
> md5 looks unaffected.
Hi Systeem,
Thanks for bringing this to my attention.
I imagine the fix is as simple as adding some bounds checking.
I'm not sure that it will have any security implications,
if the code in question only takes input from authkeys,
then that input can only be provided as root. But this
certainly does warrant further investigation.
--
Horms
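
The kind of bounds checking mentioned in the reply, as an added example that is not part of the original thread and is not heartbeat's code: a parser for an `<index> <method> <key>` line, the layout of the two lines in the report, that checks the key length before copying into a fixed buffer. The 64-byte capacity is an assumption taken from the length-64 string the report mentions; `struct auth_entry`, `parse_authkey_line` and `KEY_MAX` are hypothetical names.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_MAX 64  /* assumed capacity, from the length-64 string in the report */

struct auth_entry {             /* hypothetical type, not heartbeat's */
    int index;
    char method[16];            /* NUL-terminated method name */
    unsigned char key[KEY_MAX]; /* raw key bytes, not NUL-terminated */
    size_t key_len;
};

/* Parse "<index> <method> <key>". Returns 0 on success, -1 for a malformed
 * line, -2 when a field does not fit its buffer. *out is valid only on 0. */
int parse_authkey_line(const char *line, struct auth_entry *out)
{
    char *end;
    long idx = strtol(line, &end, 10);
    size_t n;

    if (end == line || idx < 0 || idx > INT_MAX || !isspace((unsigned char)*end))
        return -1;
    line = end + strspn(end, " \t");
    n = strcspn(line, " \t\r\n");             /* length of the method token */
    if (n == 0) return -1;
    if (n >= sizeof out->method) return -2;   /* leave room for the NUL */
    memcpy(out->method, line, n);
    out->method[n] = '\0';
    line += n;
    line += strspn(line, " \t");
    n = strcspn(line, " \t\r\n");             /* length of the key token */
    if (n == 0) return -1;
    if (n > KEY_MAX) return -2;               /* check the length before copying */
    memcpy(out->key, line, n);
    out->key_len = n;
    out->index = (int)idx;
    return 0;
}

int main(void)
{
    struct auth_entry e;
    const char *line = "1 sha1 constructed-sample-key";  /* constructed input */
    printf("%d\n", parse_authkey_line(line, &e));
    return 0;
}
```

A 64-character key is accepted and a 65-character key is rejected with -2 instead of being copied past the end of the buffer.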