[xinetd/f19] xinetd segfaults when connecting to tcpmux service

jsynacek jsynacek at fedoraproject.org
Tue Dec 3 11:30:31 UTC 2013 

commit 342c9956d6f6167478d47384d9dbc78307f66a6f
Author: Jan Synacek <jsynacek at redhat.com>
Date:   Tue Dec 3 10:51:46 2013 +0100

    xinetd segfaults when connecting to tcpmux service
    
    Resolves: #1033528

 ...-2.3.15-tcpmux-nameinargs-disable-service.patch |   37 ++++++++++++++++++++
 xinetd.spec                                        |    9 ++++-
 2 files changed, 45 insertions(+), 1 deletions(-)
---
diff --git a/xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch b/xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch
new file mode 100644
index 0000000..351cad0
--- /dev/null
+++ b/xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch
@@ -0,0 +1,37 @@
+Xinetd parses and applies its configuration line by line. If a user wants to
+specify NAMEINARGS as a flag, it has to be *before* specifying 'server_args'.
+
+Author: Jan Synacek <jsynacek at redhat.com>
+Resolves: #1033528
+
+--- a/xinetd/parse.c	2013-11-21 10:51:25.025436376 +0100
++++ b/xinetd/parse.c	2013-11-21 14:45:44.374121057 +0100
+@@ -631,6 +631,16 @@ static status_e identify_attribute( entr
+       return OK;
+    }
+ 
++   /* If flags contain NAMEINARGS and server_args is already set, disable the service.
++	  Server args are already set incorrectly. */
++   if ( strcmp( ap->a_name, "flags" ) == 0 &&
++        SC_SERVER_ARGV( scp ) )
++   {
++      parsemsg( LOG_ERR, func,
++         "NAMEINARGS flag is set after server_args - DISABLING SERVICE" ) ;
++      SC_DISABLE( scp );
++   }
++
+    if ( (*ap->a_parser)( attr_values, scp, op ) == OK )
+    {    /* This is the normal path. */
+ 	SC_SPECIFY( scp, ap->a_id ) ;
+--- a/xinetd/xinetd.conf.man	2013-12-03 10:06:35.717977075 +0100
++++ b/xinetd/xinetd.conf.man	2013-12-03 10:41:14.779089430 +0100
+@@ -106,7 +106,8 @@
+ This will cause the first argument in "server_args" to be argv[0] when
+ executing the server, as specified in "server".  This allows you to use
+ tcpd by putting tcpd in "server" and the name of the server in "server_args"
+-like in normal inetd.
++like in normal inetd. This flag has to be specified before "server_args",
++otherwise is not taken into account.
+ .TP
+ .B NODELAY
+ If the service is a tcp service and the NODELAY flag is set, then the
diff --git a/xinetd.spec b/xinetd.spec
index 991ac88..5172c6d 100644
--- a/xinetd.spec
+++ b/xinetd.spec
@@ -1,7 +1,7 @@
 Summary: A secure replacement for inetd
 Name: xinetd
 Version: 2.3.15
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: xinetd
 Group: System Environment/Daemons
 Epoch: 2
@@ -56,6 +56,8 @@ Patch27: xinetd-2.3.15-bad-port-check.patch
 # Fix #977873 - Use full path to server when checking selinux context
 Patch28: xinetd-2.3.15-context-exepath.patch
 Patch29: xinetd-2.3.15-creds.patch
+# Fix #1033528 - xinetd segfaults when connecting to tcpmux service
+Patch30: xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch
 
 BuildRequires: autoconf, automake
 BuildRequires: libselinux-devel >= 1.30
@@ -112,6 +114,7 @@ located in the /etc/xinetd.d directory.
 %patch27 -p1 -b .bad-port-check
 %patch28 -p1 -b .context-exepath
 %patch29 -p1 -b .creds
+%patch30 -p1
 
 aclocal
 autoconf
@@ -159,6 +162,10 @@ install -m 600 %SOURCE3 $RPM_BUILD_ROOT/etc/sysconfig/xinetd
 %{_mandir}/*/*
 
 %changelog
+* Tue Dec  3 2013 Jan Synáček <jsynacek at redhat.com> - 2:2.3.15-9
+- xinetd segfaults when connecting to tcpmux service
+- Resolves: #1033528
+
 * Thu Oct  3 2013 Jan Synáček <jsynacek at redhat.com> - 2:2.3.15-8
 - Honor user and group directives
 - Resolves: CVE-2013-4342

More information about the scm-commits mailing list