Created attachment 864415 [details, diff]
proposed patch

/usr/sbin/dictd --locale en_GB.UTF-8 --debug nodetach --debug auth
:I: 3205 starting dictd 1.13.1/rf on Linux 6.1.32-k08 Thu Jun 22 18:11:05 2023
:I: using locale "en_GB.UTF-8"
:I: dict_aero 26536 595673 463624 1399087
:I: vera 25620 776649 226491 670523
:I: wn 147311 3074162 9469482 30958162
Match * with localhost/127.0.0.1
:C: "dict 1.13.1/rf on Linux 6.1.32-k08"
Got eb0dbc9140d01fe16ccc3c5c79ad3d99 expected d331022e8209eda9cabe39a7c28d3da9
:A: guest@localhost/127.0.0.1 denied: hash mismatch
*** stack smashing detected ***: terminated

how to reproduce:

1. # emerge -pv dictd
[ebuild R ] app-text/dictd-1.13.1::gentoo USE="-dbi -judy -minimal -test" 0 KiB

2. add the following line to the end of /etc/dict/dictd.conf, and a few dictionaries:
user guest guest

3. add the following file to client:
~ $ cat ~/.dictrc
server 127.0.0.1 { port 2628 user guest guest }

4. start daemon in debug mode as above, get error when trying to query the server:
./dict abac
dict: Authentication to 127.0.0.1.2628 denied
dict (client_read_status): Error reading from socket
client_read_status: Connection reset by peer

the attached patch fixes both the buffer overflow and the auth failure. tested on dictd-1.13.1.

debian also uses a similar patch, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611203
contrary to discussion on the debian tracker, this auth failure also happens if both client and server are amd64.

tried to contact upstream, but gave up. sf.net tracker is out-of-bounds to mere mortals, mailing list is behind a mail server that does not recognize the destination address, author email address not found in sources.

after patch:

/usr/sbin/dictd --locale en_GB.UTF-8 --debug nodetach --debug auth
:I: 10376 starting dictd 1.13.1/rf on Linux 6.1.32-k08 Thu Jun 22 18:19:21 2023
:I: using locale "en_GB.UTF-8"
:I: dict_aero 26536 595673 463624 1399087
:I: vera 25620 776649 226491 670523
:I: wn 147311 3074162 9469482 30958162
Match * with localhost/127.0.0.1
:C: "dict 1.13.1/rf on Linux 6.1.32-k08"
Got 6c20f756d4fa1087f6ff70aff87309f0 expected 6c20f756d4fa1087f6ff70aff87309f0
Match * with localhost/127.0.0.1
:D: * "abac" 1
:I: quit: d/m/c = 1/0/42; 0.000r 0.000u 0.000s

much success.
Created attachment 864416 [details] emerge info
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f45e8d10b4724c111fdb61446be1b4595dff99ab

commit f45e8d10b4724c111fdb61446be1b4595dff99ab
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-06-24 03:34:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-06-24 03:34:49 +0000

    app-text/dictd: fix stack smashing from silly typedef

    Closes: https://bugs.gentoo.org/908998
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/dictd/dictd-1.13.0-r6.ebuild | 130 +++++++++++++++++++++
 .../dictd/files/dictd-1.13.0-stack-smashing.patch | 18 +++
 2 files changed, 148 insertions(+)
Thanks!