| Summary: | l2tpd: /var/run/l2tpd.pid may not contain PID | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Roger Luethi <rl> |
| Component: | [OLD] Server | Assignee: | Gentoo Dialup Developers <net-dialup> |
| Status: | RESOLVED TEST-REQUEST | | |
| Severity: | normal | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | l2tpd-0.70_pre20031121.ebuild | | |

According to Jacco de Leeuw, Debian has additional patches that fix this bug and more. Might be worth a look.

On my box, only the first 4 digits of the pid are written into the file. When the service is stopped, it might happen that the *wrong process* is killed!! For me, this looks like a pretty severe problem.

Same problem as Michel Wilson, only first 4 digits of the pid are stored, so if you start l2tp and the pid is 5 digits, start-stop-daemon isn't able to stop it.

Created attachment 39530: l2tpd-0.70_pre20031121.ebuild

This ebuild is based on Debian's unstable version (http://packages.debian.org/unstable/net/l2tpd).

Committed l2tpd-0.70_pre20031121.ebuild, please test this one.

l2tpd determines the size of a string buffer with strlen instead of sizeof, on a potentially uninitialized pointer. It's pure luck if /var/run/l2tpd.pid contains the PID (it does not for me). Seen with 0.69-r1. Fix: --- l2tpd.c.orig 2004-06-19 23:16:21.000000000 +0200 +++ l2tpd.c 2004-06-20 00:47:41.000000000 +0200 @@ -1036,7 +1036,7 @@ if(! pidfilewritten) { unlink(gconfig.pidfile); if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0640)) >= 0) { - snprintf (buf, strlen(buf), "%d\n", (int)getpid()); + snprintf (buf, sizeof(buf), "%d\n", (int)getpid()); write (i, buf, strlen(buf)); close (i); pidfilewritten = 1; Reproducible: Always Steps to Reproduce:
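
Review bot: The `sizeof(buf)` on the changed snprintf line is the buffer size only if `buf` is declared as a char array in this function; the report calls it a pointer and the declaration is outside the hunk's context, so please confirm it, because for a `char *` the limit would be the pointer size and the PID would still be truncated. Also, the results of snprintf and write are ignored and `pidfilewritten = 1` is set regardless, so a truncated or failed write still counts as success; check that snprintf returned less than the buffer size and that write returned the full length before setting the flag.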
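
The failure mode described in this report, as an added example that is not l2tpd's code or part of the original report: it shows how a `strlen`-based limit turns a five-digit PID into four digits, an empty file, or (by luck) the full value, and how checking snprintf's return value catches the truncation. `PIDBUF_LEN`, the function names and the stale buffer contents are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define PIDBUF_LEN 32 /* assumed size; l2tpd's declaration of buf is not shown here */

/* Pattern from the report: the limit given to snprintf is strlen() of whatever
 * the buffer already holds. `stale` is constructed data standing in for
 * leftover memory contents, so the result is repeatable. */
const char *pid_text_strlen_limit(const char *stale, int pid)
{
    static char buf[PIDBUF_LEN];
    memset(buf, 0, sizeof(buf));
    strncpy(buf, stale, sizeof(buf) - 1);
    snprintf(buf, strlen(buf), "%d\n", pid); /* limit = length of old contents */
    return buf;
}

/* Patched pattern plus a truncation check. Returns the byte count to write,
 * or -1 if the PID did not fit. The size is a parameter because sizeof on a
 * pointer would give the pointer size, not the buffer size. */
int pid_text_checked(char *buf, size_t buflen, int pid)
{
    int n = snprintf(buf, buflen, "%d\n", pid);
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

int main(void)
{
    /* Constructed stale contents: empty, 5 bytes, 20 bytes. */
    const char *stale[] = { "", "AAAAA", "AAAAAAAAAAAAAAAAAAAA" };
    char buf[PIDBUF_LEN];
    size_t i;

    for (i = 0; i < sizeof(stale) / sizeof(stale[0]); i++)
        printf("stale length %2zu -> pidfile text \"%s\"\n",
               strlen(stale[i]), pid_text_strlen_limit(stale[i], 12345));

    if (pid_text_checked(buf, sizeof(buf), 12345) > 0)
        printf("checked: %s", buf);
    return 0;
}
```

With five bytes of old data in the buffer, the limit of 5 leaves room for four digits plus the terminator, which matches the four-digit PID files described in the comments.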