Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 87917 - monkeyd local DoS
Summary: monkeyd local DoS
Status: RESOLVED DUPLICATE of bug 87916
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2005-04-04 08:26 UTC by rob holland (RETIRED)
Modified: 2007-01-06 16:56 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description rob holland (RETIRED) gentoo-dev 2005-04-04 08:26:23 UTC
Putting a zero byte file in htdocs somewhere and then requesting it repeatedly will cause monkeyd to corrupt memory/blow up depending on MALLOC_CHECK_

Dodgy code is:

void M_free(void *ptr)
        memset(ptr, '\0', sizeof(ptr));

The memset doesn't do what was intended. This isn't normally visible but the 0 byte file causes monkeyd to malloc(0) which means there is no data allocated to "absorb" the broken memset call. The ptr=NULL thing is also just plain weird :)

Problem was spotted by ciaranm and investigated by me.

The code is pretty scary, taviso is checking it over some more atm so hold fire on any glsa etc ;)
Comment 1 Luke Macken (RETIRED) gentoo-dev 2005-04-04 08:33:24 UTC

*** This bug has been marked as a duplicate of 87916 ***