
Bug#356858: xdm chokes on null pointers in address structures returned by getifaddrs()



Package: xdm
Version: 1:1.0.1-2
Tags: experimental

Hi,

xdm makes the presumption that the "ifa_addr" pointer member
of the ifaddrs structures returned by getifaddrs() is
always valid (i.e. non-NULL):

    731     Debug("DefineSelf\n");
    732     if (getifaddrs(&ifap) < 0) 
    733         return;
    734     for (ifr = ifap; ifr != NULL; ifr = ifr->ifa_next) {
>>> 735         len = sizeof(*(ifr->ifa_addr));
    736         family = ConvertAddr((XdmcpNetaddr)(ifr->ifa_addr), &len, &addr);

... which it isn't. A small test program shows that this
member may be NULL for point-to-point devices - this is the
data produced by getifaddrs() on my box (displaying ifa_addr
if non-NULL; globally visible addresses dotted for privacy):

Addr of eth0 (flags 0x1043): (Family 17) IFIndex 1
Addr of lo (flags 0x49): (Family 17) IFIndex 2
Addr of eth1 (flags 0x1003): (Family 17) IFIndex 3
Addr of sit0 (flags 0x80): (Family 17) IFIndex 4
Addr of tap0 (flags 0x1043): (Family 17) IFIndex 5
Addr of tap1 (flags 0x1043): (Family 17) IFIndex 6
Addr of ppp0 (flags 0x10d1): NULL
Addr of ppp1 (flags 0x10d1): NULL
Addr of ippp0 (flags 0xd1): NULL
Addr of lo (flags 0x49): (Family 2) Addr 0x0100007f Mask 0x000000ff
Addr of eth1 (flags 0x1003): (Family 2) Addr 0x3d40a8c0 Mask 0x00ffffff
Addr of tap0 (flags 0x1043): (Family 2) Addr 0x0120a8c0 Mask 0x00ffffff
Addr of tap1 (flags 0x1043): (Family 2) Addr 0x0121a8c0 Mask 0x00ffffff
Addr of ppp0 (flags 0x10d1): (Family 2) Addr 0x........ Mask 0xffffffff
Addr of ppp1 (flags 0x10d1): (Family 2) Addr 0x........ Mask 0xffffffff
Addr of ippp0 (flags 0xd1): (Family 2) Addr 0x........ Mask 0xffffffff
Addr of eth0 (flags 0x1043): (Family 10) Addr fe80000000000000................
Addr of lo (flags 0x49): (Family 10) Addr 0000000000000000................
Addr of tap0 (flags 0x1043): (Family 10) Addr fe80000000000000................
Addr of tap1 (flags 0x1043): (Family 10) Addr fe80000000000000................

For the sake of completion, here's an excerpt of xdm's debug output,
a few comments inserted:

[...]
source /usr/X11R6/lib/X11/xdm/Xstartup
StartSession /usr/X11R6/lib/X11/xdm/Xsession: /usr/X11R6/lib/X11/xdm/Xsession ;
DISPLAY=:0 HOME=/home/jcn LOGNAME=jcn USER=jcn PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games SHELL=/bin/bash
>>> fork(); the following messages originate from the child
User netname: unix.1000@(none)
getsecretkey returns 0, key length 0
Could not set secret key.
SetUserAuthorization
XauLockAuth /home/jcn/.Xauthority
Lock is 0
opens succeeded /home/jcn/.Xauthority /home/jcn/.Xauthority-n
openFiles failed
backup lock is 0
opens succeeded /tmp/.XauthTk38EO /tmp/.XauthTk38EO-n
2 authorization protocols for :0
writeLocalAuth: :0 MIT-MAGIC-COOKIE-1
setAuthNumber :0
setAuthNumber: 0
DefineSelf
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
>>> child SIGSEGV, parent continues
StartSession, fork succeeded 26437
Client Started
Source reset program /usr/X11R6/lib/X11/xdm/Xreset
source /usr/X11R6/lib/X11/xdm/Xreset
Shell script execution: /bin/sh (optarg (null))
RemoveUserAuthorization
XauLockAuth /home/jcn/.Xauthority
Lock is 0
opens succeeded /home/jcn/.Xauthority /home/jcn/.Xauthority-n
writeLocalAuth: :0 XDM-AUTHORIZATION-1
setAuthNumber :0
setAuthNumber: 0
DefineSelf
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
ConvertAddr returning -1 for family 17
>>> parent SIGSEGV

Suggested code insertion:

735    if (!ifr->ifa_addr) continue;

Or is this a bug in libc6? A struct ifaddrs with a NULL ifa_addr
member is rather pointless...


Regards,

Jan

-- 
Jan C. Nordholz
<jckn At gmx net>
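
The guard suggested in the report, as an added example that is not part of the original message or of xdm's source: a walk over a getifaddrs()-style list that skips entries whose ifa_addr is NULL before any dereference. The function names `count_inet_addrs` and `demo_constructed` are hypothetical, and the four-entry list is constructed to mirror the families shown in the report's output.

```c
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

/* Count AF_INET/AF_INET6 entries in a getifaddrs()-style list. Entries whose
 * ifa_addr is NULL are tallied in *skipped and never dereferenced. */
static int count_inet_addrs(const struct ifaddrs *list, int *skipped)
{
    int usable = 0;
    *skipped = 0;
    for (const struct ifaddrs *ifa = list; ifa != NULL; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL) {    /* the guard suggested for line 735 */
            (*skipped)++;
            continue;
        }
        if (ifa->ifa_addr->sa_family == AF_INET ||
            ifa->ifa_addr->sa_family == AF_INET6)
            usable++;                   /* other families (e.g. 17) are ignored */
    }
    return usable;
}

/* Constructed list: family 2 -> family 17 -> NULL ifa_addr (ppp-like) -> family 10 */
static int demo_constructed(int *skipped)
{
    static struct sockaddr_in v4 = { .sin_family = AF_INET };
    static struct sockaddr_in6 v6 = { .sin6_family = AF_INET6 };
    static struct sockaddr link = { .sa_family = 17 };  /* as in the report */
    static struct ifaddrs n[4];         /* static storage: all pointers start NULL */
    n[0].ifa_addr = (struct sockaddr *)&v4;  n[0].ifa_next = &n[1];
    n[1].ifa_addr = &link;                   n[1].ifa_next = &n[2];
    n[2].ifa_next = &n[3];                   /* ifa_addr deliberately left NULL */
    n[3].ifa_addr = (struct sockaddr *)&v6;
    return count_inet_addrs(n, skipped);
}

int main(void)
{
    struct ifaddrs *ifap;
    int skipped, usable = demo_constructed(&skipped);
    printf("constructed: usable=%d skipped=%d\n", usable, skipped);
    if (getifaddrs(&ifap) != 0)
        return 1;
    usable = count_inet_addrs(ifap, &skipped);  /* same walk over the live list */
    printf("live: usable=%d skipped=%d\n", usable, skipped);
    freeifaddrs(ifap);
    return 0;
}
```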


