
system/3759: spamdb db update is broken - segmentation fault



>Number:         3759
>Category:       system
>Synopsis:       spamdb db update is broken - segmentation fault
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 27 21:40:01 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jedi/Sector One
>Release:        3.5-current
>Organization:
net
>Environment:
	System      : OpenBSD 3.5
	Architecture: OpenBSD.i386
	Machine     : i386
>Description:
spamdb -a <ip> and spamdb -d <ip> make spamdb crash with a NULL deref.
It looks like getaddrinfo() doesn't like NULL as the last argument.

>How-To-Repeat:
$ sudo spamdb -a 127.0.0.1
Segmentation fault

>Fix:
Index: spamdb.c
===================================================================
RCS file: /cvs/src/usr.sbin/spamdb/spamdb.c,v
retrieving revision 1.10
diff -u -r1.10 spamdb.c
--- spamdb.c	2004/04/26 18:21:20	1.10
+++ spamdb.c	2004/04/27 21:23:26
@@ -41,6 +41,7 @@
 	time_t		now;
 	int		r;
 	struct addrinfo hints;
+	struct addrinfo *res;	
 
 	now = time(NULL);
 	memset(&btreeinfo, 0, sizeof(btreeinfo));
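Review bot: The added declaration `struct addrinfo *res;` ends with a trailing tab after the semicolon, which should be stripped. Consider also initializing it (`struct addrinfo *res = NULL;`), since getaddrinfo() only sets it on success and the failure branch in the next hunk jumps to `bad` with it untouched.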
@@ -51,10 +52,11 @@
 	hints.ai_family = PF_UNSPEC;
 	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
 	hints.ai_flags = AI_NUMERICHOST;
-	if (getaddrinfo(ip, NULL, &hints, NULL) != 0) {
+	if (getaddrinfo(ip, NULL, &hints, &res) != 0) {
 		warnx("invalid ip address %s", ip);
 		goto bad;
 	}
+	freeaddrinfo(res);
 	memset(&dbk, 0, sizeof(dbk));
 	dbk.size = strlen(ip);
 	dbk.data = ip;
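Review bot: The getaddrinfo() call now requests a result list that is never read. It is freed by the freeaddrinfo(res) line right after the error branch, so a one-line comment above the call saying it is used only to validate `ip` as a numeric address (AI_NUMERICHOST) would explain why `res` exists at all. The placement of freeaddrinfo(res) after the failure branch is correct, because `res` is not valid when getaddrinfo() returns non-zero and must not be freed on the `goto bad` path.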


>Release-Note:
>Audit-Trail:
>Unformatted: