Package: l2tpns
Version: 2.2.1-1+b1
Severity: grave
Tags: patch
Justification: renders package unusable
Dear Maintainer,
Running l2tpns causes an instance crash as follows:
# l2tpns -v
*** buffer overflow detected ***: l2tpns terminated
(full trace removed as it doesn't help)
The problem exists in the ring buffer logging code. Specifically, the vsprintf
is called with a length of 4095 when the size of the buffer is MAX_LOG_LENGTH
(defined as 512 in l2tpns.h). The result is that as soon as the program is
executed it crashes as soon as a few log messages are printed. The following
patch resolves the problem.
I also have some more minor fixes, which resolve compiler warnings. I am happy
to share these if you let me know where to send them!
Dave
-- Begin patch
diff --git a/l2tpns.c b/l2tpns.c
index 41e12de..2680908 100644
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -268,7 +268,7 @@ void _log(int level, sessionidt s, tunnelidt t, const char
*format, ...)
ringbuffer->buffer[ringbuffer->tail].session = s;
ringbuffer->buffer[ringbuffer->tail].tunnel = t;
va_start(ap, format);
- vsnprintf(ringbuffer->buffer[ringbuffer->tail].message, 4095,
format, ap);
+ vsnprintf(ringbuffer->buffer[ringbuffer->tail].message,
MAX_LOG_LENGTH-1, format, ap);
va_end(ap);
}
#endif
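Review bot: In the added vsnprintf call the bound is the macro expression `MAX_LOG_LENGTH-1` rather than the size of the destination object, so the same mismatch can come back if the declaration of `message` and the macro ever diverge. If `message` is declared as an array, `sizeof(ringbuffer->buffer[ringbuffer->tail].message)` ties the limit to the buffer itself. vsnprintf's size argument already counts the terminating NUL, so the `-1` is not needed (it is harmless and only gives up one byte). The return value is still discarded, so a truncated log line goes unnoticed; comparing it against the bound would let the logger flag truncation.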
-- End patch
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages l2tpns depends on:
ii libc6 2.19-18+deb8u3
ii libcli1.9 1.9.7-1
l2tpns recommends no packages.
l2tpns suggests no packages.
-- no debconf information
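
The size mismatch described in the report, shown as a small bounded ring-buffer logger. This is an added example, not l2tpns code and not part of the original report: the struct layout, `ring_log` and `RING_SLOTS` are assumptions, and only the value 512 for `MAX_LOG_LENGTH` comes from the report.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOG_LENGTH 512  /* value the report quotes from l2tpns.h */
#define RING_SLOTS 4        /* constructed: small ring for the demo */

struct log_entry {
    char message[MAX_LOG_LENGTH];
    int level;              /* sits after message: an overflow would clobber it */
};

struct log_ring {
    int head, tail;
    struct log_entry buffer[RING_SLOTS];
};

/* Store one formatted message in the next slot.
   Returns 0 if it fit, 1 if it was truncated, -1 on a formatting error. */
static int ring_log(struct log_ring *rb, int level, const char *format, ...)
{
    struct log_entry *e = &rb->buffer[rb->tail];
    va_list ap;
    int n;

    e->level = level;
    va_start(ap, format);
    /* Bound taken from the destination itself, so it cannot drift from the
       declaration. The size includes the terminating NUL: no "-1" needed. */
    n = vsnprintf(e->message, sizeof e->message, format, ap);
    va_end(ap);

    rb->tail = (rb->tail + 1) % RING_SLOTS;
    if (rb->tail == rb->head)               /* ring full: drop the oldest */
        rb->head = (rb->head + 1) % RING_SLOTS;

    if (n < 0)
        return -1;
    return (size_t)n >= sizeof e->message;  /* would-be length >= bound */
}

int main(void)
{
    static struct log_ring rb;              /* zero-initialised */
    char big[2000];                         /* constructed oversize input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", ring_log(&rb, 3, "tunnel %d up", 7));
    printf("long:  %d\n", ring_log(&rb, 3, "%s", big));
    return 0;
}
```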