[Bug 1175869] [NEW] coding error can lead to connections going to localhost rather than desired system
Michael Hudson-Doyle
michael.hudson+lp at linaro.org
Fri May 3 03:11:36 UTC 2013
Public bug reported:
The bug is present in raring, but also in the upstream 3.0.0 release.
This code from newsocket in sock.c:
int herrno;
struct sockaddr_in cli;
struct hostent *hp;
...
{
    struct hostent hent;   /* automatic: lifetime ends at the closing brace below */
    char hbf[8192];
    memset(hbf, '\0', sizeof hbf);
    /* for systems using GNU libc */
    if((gethostbyname_r(hostparam, &hent, hbf, sizeof(hbf), &hp, &herrno) < 0)){
        hp = NULL;
    }
}   /* hent and hbf are dead here, but hp still points at hent */
if(hp == NULL){ return -1; }
memset((void*) &cli, 0, sizeof(cli));
memcpy(&cli.sin_addr, hp->h_addr, hp->h_length);   /* reads through the dangling hp */
invokes undefined behaviour because gethostbyname_r points hp at the
'hent' automatic variable but hp is used after the execution of the
scope that declared it, in violation of section 6.2.4 of the C99
standard.
The particular undefined behaviour I see is that cli.sin_addr ends up
being all bits 0, and so the connection goes to localhost.
** Affects: siege (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to siege in Ubuntu.
https://bugs.launchpad.net/bugs/1175869
Title:
coding error can lead to connections going to localhost rather than
desired system
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/siege/+bug/1175869/+subscriptions
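The fix the report implies is to keep the hostent storage alive until the address has been copied out of it. The following is an added example of that pattern, not siege's code and not part of the bug report; the helper names (resolve_ipv4, make_sockaddr_in, resolve_host_order) are the example's own, and the 192.0.2.1 input is a constructed TEST-NET-1 literal so the program runs without DNS. It also corrects two smaller points a reviewer would flag in the quoted code: glibc's gethostbyname_r returns 0 on success and a positive error number on failure, so the result should be tested with != 0 rather than < 0, and the copy into sin_addr should be bounded by sizeof(struct in_addr) and gated on h_addrtype == AF_INET instead of trusting h_length blindly.

```c
/* Added example (not siege's code): resolve a host name into a
 * sockaddr_in while keeping the hostent storage alive until the
 * address has been copied out.  Helper names are assumptions made
 * for this example. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Resolve `host` to one IPv4 address.  Returns 0 and fills *out on
 * success, -1 otherwise.  hent and hbf live in this function's scope
 * for the whole call, so hp never dangles: the copy into *out happens
 * before they go out of scope. */
static int resolve_ipv4(const char *host, struct in_addr *out)
{
    struct hostent hent;          /* storage the result will point into */
    struct hostent *hp = NULL;    /* result pointer; aliases hent on success */
    char hbf[8192];               /* scratch for h_name, h_addr_list, ... */
    int herrno = 0;

    if (host == NULL || out == NULL)
        return -1;
    memset(&hent, 0, sizeof hent);
    memset(hbf, 0, sizeof hbf);

    /* glibc returns 0 on success and a positive errno value on failure,
     * so test for != 0 (the reported code tests < 0, which never fires). */
    if (gethostbyname_r(host, &hent, hbf, sizeof hbf, &hp, &herrno) != 0
        || hp == NULL)
        return -1;

    /* Only copy what fits: require a 4-byte AF_INET address rather than
     * memcpy'ing h_length bytes into a 4-byte sin_addr. */
    if (hp->h_addrtype != AF_INET || hp->h_length != (int)sizeof *out
        || hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL)
        return -1;

    memcpy(out, hp->h_addr_list[0], sizeof *out);   /* hent still in scope */
    return 0;
}

/* Build the sockaddr_in the caller will pass to connect(). */
static int make_sockaddr_in(const char *host, uint16_t port,
                            struct sockaddr_in *cli)
{
    struct in_addr a;
    if (resolve_ipv4(host, &a) != 0)
        return -1;
    memset(cli, 0, sizeof *cli);
    cli->sin_family = AF_INET;
    cli->sin_port = htons(port);
    cli->sin_addr = a;
    return 0;
}

/* Resolved address in host byte order, or 0 on failure (0.0.0.0 is
 * exactly the all-zero sin_addr the report describes). */
static uint32_t resolve_host_order(const char *host)
{
    struct in_addr a;
    if (resolve_ipv4(host, &a) != 0)
        return 0;
    return ntohl(a.s_addr);
}

int main(int argc, char **argv)
{
    /* Constructed input: a TEST-NET-1 literal, so no DNS is needed. */
    const char *host = argc > 1 ? argv[1] : "192.0.2.1";
    struct sockaddr_in cli;
    char buf[INET_ADDRSTRLEN];

    if (make_sockaddr_in(host, 80, &cli) != 0) {
        fprintf(stderr, "resolve failed for %s\n", host);
        return 1;
    }
    printf("%s -> %s:%u\n", host,
           inet_ntop(AF_INET, &cli.sin_addr, buf, sizeof buf),
           (unsigned)ntohs(cli.sin_port));
    return 0;
}
```

Compile with `cc -o resolve resolve.c` and run `./resolve 192.0.2.1`; passing a real host name exercises the same code path through the resolver. On new code, getaddrinfo() is the simpler choice since it hands back heap-allocated results with an explicit freeaddrinfo() and has no hostent lifetime to get wrong, but the scoping rule shown here is what the reported code needs.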