Bug 54544 - l2tpd: /var/run/l2tpd.pid may not contain PID
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Dialup Developers
Reported: 2004-06-20 11:59 UTC by Roger Luethi
Modified: 2004-09-15 07:13 UTC

Attachments
l2tpd-0.70_pre20031121.ebuild (l2tpd-0.70_pre20031121.ebuild,1.21 KB, text/plain)
2004-09-13 14:12 UTC, Alin Năstac (RETIRED)

Description Roger Luethi 2004-06-20 11:59:09 UTC
l2tpd determines the size of a string buffer with strlen instead
of sizeof, on a potentially uninitialized pointer. It's pure
luck if /var/run/l2tpd.pid contains the PID (it does not
for me).

Seen with 0.69-r1.

Fix:

--- l2tpd.c.orig        2004-06-19 23:16:21.000000000 +0200
+++ l2tpd.c     2004-06-20 00:47:41.000000000 +0200
@@ -1036,7 +1036,7 @@
     if(! pidfilewritten) {
         unlink(gconfig.pidfile);
         if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0640)) >= 0) {
-            snprintf (buf, strlen(buf), "%d\n", (int)getpid());
+            snprintf (buf, sizeof(buf), "%d\n", (int)getpid());
             write (i, buf, strlen(buf));
             close (i);
             pidfilewritten = 1;
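Review bot: `sizeof(buf)` on the changed line is the buffer's capacity only if `buf` is declared as an array in this scope, and the declaration is not visible in this hunk; if `buf` is a `char *`, `sizeof` yields the pointer size and the PID text is still truncated. Please confirm the declaration or switch to a local array, keep snprintf's return value and treat a result greater than or equal to the size as an error, and pass that length to `write (i, buf, strlen(buf));` with its return value checked, so that a short or failed write does not end in `pidfilewritten = 1`. Separately, `unlink` followed by `open` with `O_CREAT` but without `O_EXCL` will open whatever exists at that path by the time of the call; adding `O_EXCL` is worth considering.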


Reproducible: Always
Steps to Reproduce:
Comment 1 Roger Luethi 2004-06-21 00:12:26 UTC
According to Jacco de Leeuw, Debian has additional patches that
fix this bug and more. Might be worth a look.
Comment 2 Michel Wilson 2004-08-19 04:11:23 UTC
On my box, only the first 4 digits of the pid are written into the file. When the service is stopped, it might happen that the *wrong process* is killed!! For me, this looks like a pretty severe problem.
Comment 3 Sverre 2004-09-06 05:39:38 UTC
Same problem as Michel Wilson, only first 4 digits of the pid are stored, so if you start l2tp and the pid is 5 digits, start-stop-daemon isn't able to stop it.
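An added example (not l2tpd's code and not part of this bug thread) of a pidfile write that detects the truncated PID reported in comments 2 and 3 instead of storing it. The function names, the 32-byte buffer, the 5-byte demo buffer and the file name are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Format "<pid>\n" into buf. Returns the byte count to write,
 * or -1 if cap was too small and snprintf truncated the text. */
static int format_pid(char *buf, size_t cap, long pid)
{
    int n = snprintf(buf, cap, "%ld\n", pid);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Write the PID to path; 0 on success, -1 on any failure. */
static int write_pidfile(const char *path, long pid)
{
    char buf[32];                       /* array, so sizeof is its capacity */
    int n = format_pid(buf, sizeof(buf), pid);
    if (n < 0)
        return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0640);
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, buf, (size_t)n);  /* length from snprintf, not strlen */
    if (close(fd) != 0 || w != n)
        return -1;
    return 0;
}

/* Read the PID back; -1 if the file is missing or not a clean number. */
static long read_pidfile(const char *path)
{
    char buf[32] = {0}, *end = buf;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    char *ok = fgets(buf, sizeof(buf), f);
    fclose(f);
    long pid = ok ? strtol(buf, &end, 10) : -1;
    return (end != buf && *end == '\n') ? pid : -1;
}

int main(void)
{
    char small[5];                      /* constructed: too small for 5 digits */
    printf("truncated=%d text=%s\n", format_pid(small, sizeof(small), 12345) < 0, small);
    return write_pidfile("pidfile.demo", (long)getpid()) != 0;
}
```

The reader rejects a file whose number is not followed by a newline, so a truncated pidfile is never turned into a kill target.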
Comment 4 Alin Năstac (RETIRED) gentoo-dev 2004-09-13 14:12:27 UTC
Created attachment 39530
l2tpd-0.70_pre20031121.ebuild

This ebuild is based on Debian's unstable version
(http://packages.debian.org/unstable/net/l2tpd).
Comment 5 Heinrich Wendel (RETIRED) gentoo-dev 2004-09-15 07:13:40 UTC
Committed l2tpd-0.70_pre20031121.ebuild, please test this one.