Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 491164 - net-misc/hylafaxplus breaks with glibc 2.17 changed crypt behaviour
Summary: net-misc/hylafaxplus breaks with glibc 2.17 changed crypt behaviour
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Matthew Marlowe (RETIRED)
URL:
Whiteboard:
Keywords: PATCH
Depends on: 512564
Blocks: glibc-2.17
  Show dependency tree
 
Reported: 2013-11-13 12:23 UTC by Heiko Wundram
Modified: 2014-07-28 07:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Patch to fix crypt() calls by wrapping in error checking method. (hylafax-libc217-crypt.patch,3.08 KB, patch)
2013-11-13 12:24 UTC, Heiko Wundram 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Heiko Wundram 2013-11-13 12:23:47 UTC 
glibc 2.17 changed the behaviour of the crypt() libc function in that it now returns NULL when the input (especially the salt) is broken. hylafax(plus) does not handle NULL returns from crypt() in the server daemon, and as such will simply segfault when trying to pass the NULL return to strcmp() in the corresponding server routines.

The attached patch fixes the corresponding usage in the server component of hylafaxplus, replacing all crypt() calls in the server code with corresponding calls to a Sys::crypt() wrapper which returns the empty string in case crypt() returns NULL. As the user setup in hfaxd will always set up something other than the empty string in passWd - which the crypt output is checked against - in case the authentication is delegated to PAM or to the users file, or isn't found in either, this is okay (and will fail the strcmp() tests).

Please recheck the corresponding fix and include it in the distribution for hylafaxplus.
Comment 1 Heiko Wundram 2013-11-13 12:24:40 UTC 
Created attachment 363194 [details, diff]
Patch to fix crypt() calls by wrapping in error checking method.

This adds a new static Sys.h include which contains the appropriate wrapper to return an invalid string in case crypt() returns NULL.
Comment 2 Matthew Marlowe (RETIRED) gentoo-dev 2013-11-15 20:55:10 UTC 
Thanks for reporting this and also for looking into what is required for a fix, we probably need to bump the ebuilds in the tree to the newest upstream first before considering the patch, but if this is blocking stabilizing a newer glibc..it's certainly a priority.
Comment 3 Matt Turner gentoo-dev 2013-12-31 16:59:58 UTC 
(In reply to Matthew Marlowe from comment #2)
> Thanks for reporting this and also for looking into what is required for a
> fix, we probably need to bump the ebuilds in the tree to the newest upstream
> first before considering the patch, but if this is blocking stabilizing a
> newer glibc..it's certainly a priority.

Huh? The latest version (5.5.4) was released upstream on Aug 6 2013 and was added to portage Sept 27. Your comment is from November 15th...?

Anyway, the newest version is now in portage, and this is the last bug (minus glibc-2.16.0 stabilization) blocking glibc-2.17.
Comment 4 Matthew Marlowe (RETIRED) gentoo-dev 2014-01-11 00:17:14 UTC 
Patch in CVS for testing (5.5.4-r1)
Comment 5 Sergey Popov gentoo-dev 2014-07-28 07:37:14 UTC 
Fix hit stable tree, closing