There is a bug in /usr/libexec/opensmtpd/mail.local causing a buffer overflow when gethostbyname returns ::1 for localhost. It is always occurring on my system.

GDB output:

Starting program: /usr/libexec/opensmtpd/mail.local jiang test
*** buffer overflow detected ***: mail.local terminated; report to <http://bugs.gentoo.org/>

Program received signal SIGABRT, Aborted.
__hardened_gentoo_fail () at chk_fail.c:278
278	INLINE_SYSCALL(kill, 2, pid, SIGABRT);
(gdb) backtrace
#0  __hardened_gentoo_fail () at chk_fail.c:278
#1  __GI___chk_fail () at chk_fail.c:298
#2  0x0000000000401ff4 in bcopy (__len=<optimized out>, __dest=0x605054 <addr+4>, __src=<optimized out>) at /usr/include/bits/string3.h:97
#3  notifybiff (msg=msg@entry=0x7fffffffb300 "jiang@0\n") at mail.local.c:319
#4  0x00000000004021d1 in deliver (fd=fd@entry=3, name=<optimized out>, lockfile=lockfile@entry=1) at mail.local.c:293
#5  0x0000000000401ab6 in main (argc=<optimized out>, argv=0x7fffffffe5f0) at mail.local.c:112

Details, from mail.local.c:

297 void
298 notifybiff(char *msg)
299 {
300 	static struct sockaddr_in addr;
...
310 	if (!(hp = gethostbyname("localhost"))) {
...
319 	bcopy(hp->h_addr, &addr.sin_addr, (size_t)hp->h_length);

If gethostbyname returns ::1, it would not be able to fit in addr. The program doesn't check the size of the returned address, and overflows addr using bcopy.
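The defect above is a destination-size mismatch: bcopy() trusts the resolver-supplied h_length, while sin_addr is a 4-byte struct in_addr, so a 16-byte ::1 record overruns it. The following is an added example (not code from mail.local.c, OpenSMTPD or the Gentoo package) showing two checked replacements for that line: one that validates h_addrtype and h_length before copying, and one that asks getaddrinfo() for AF_INET only so an IPv6 answer can never arrive. The hostent records and the "127.0.0.1"/"::1" inputs are constructed here rather than resolved; the helper names copy_host_addr, resolve_ipv4, addr_from_hostent and addr_from_name are this example's own.

```c
/* Added example, not from mail.local.c or OpenSMTPD: checked alternatives to
 * "bcopy(hp->h_addr, &addr.sin_addr, (size_t)hp->h_length)". */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Checked copy: succeeds (returns 0, fills addr) only when the record is an
 * IPv4 address whose length is exactly sizeof(struct in_addr). Any other
 * family or length, such as a 16-byte ::1 record, is rejected with -1, and
 * the memcpy is bounded by the destination size, never by h_length. */
int copy_host_addr(const struct hostent *hp, struct sockaddr_in *addr)
{
    if (hp == NULL || hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL)
        return -1;
    if (hp->h_addrtype != AF_INET)
        return -1;
    if (hp->h_length < 0 || (size_t)hp->h_length != sizeof(addr->sin_addr))
        return -1;
    memset(addr, 0, sizeof(*addr));
    addr->sin_family = AF_INET;
    memcpy(&addr->sin_addr, hp->h_addr_list[0], sizeof(addr->sin_addr));
    return 0;
}

/* Resolver-side fix: with hints.ai_family = AF_INET, getaddrinfo() never
 * returns an AF_INET6 record, so the ::1 case cannot occur. Returns 0 on
 * success, -1 on an unexpected address length, else the getaddrinfo() code.
 * AI_NUMERICHOST is set only so this example runs offline; a real caller
 * resolving "localhost" would drop that flag. */
int resolve_ipv4(const char *host, struct sockaddr_in *addr)
{
    struct addrinfo hints, *res;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_NUMERICHOST;
    rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0)
        return rc;
    if (res->ai_addrlen != sizeof(*addr)) {
        freeaddrinfo(res);
        return -1;
    }
    memcpy(addr, res->ai_addr, sizeof(*addr));
    freeaddrinfo(res);
    return 0;
}

/* Constructed hostent records standing in for what gethostbyname("localhost")
 * may return: a 4-byte 127.0.0.1 answer and a 16-byte ::1 answer. */
static unsigned char v4_bytes[4] = { 127, 0, 0, 1 };
static unsigned char v6_bytes[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
static char *v4_list[] = { (char *)v4_bytes, NULL };
static char *v6_list[] = { (char *)v6_bytes, NULL };
struct hostent localhost_v4 = { "localhost", NULL, AF_INET, 4, v4_list };
struct hostent localhost_v6 = { "localhost", NULL, AF_INET6, 16, v6_list };

/* Convenience wrappers: the copied IPv4 address in host byte order, or 0
 * when the record was rejected. */
unsigned long addr_from_hostent(const struct hostent *hp)
{
    struct sockaddr_in a;
    return copy_host_addr(hp, &a) == 0 ? (unsigned long)ntohl(a.sin_addr.s_addr) : 0UL;
}

unsigned long addr_from_name(const char *host)
{
    struct sockaddr_in a;
    return resolve_ipv4(host, &a) == 0 ? (unsigned long)ntohl(a.sin_addr.s_addr) : 0UL;
}

int main(void)
{
    printf("127.0.0.1 record: 0x%lx\n", addr_from_hostent(&localhost_v4));
    printf("::1 record (rejected -> 0): 0x%lx\n", addr_from_hostent(&localhost_v6));
    printf("getaddrinfo AF_INET \"::1\" (rejected -> 0): 0x%lx\n", addr_from_name("::1"));
    return 0;
}
```

Either check alone is enough to make the bcopy() site safe; the resolver-side variant is the simpler one to audit, because the family restriction is visible at the call rather than depending on a length comparison after the fact.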
Is this still an issue?
Assuming this is fixed in 7.3.0_p1