<div dir="ltr"><div># /usr/local/sbin/tac_plus -v</div><div>tac_plus version F4.0.4.28</div><div>ACLS</div><div>FIONBIO</div><div>LIBWRAP</div><div>LINUX</div><div>LITTLE_ENDIAN</div><div>LOG_DAEMON</div><div>PAM</div><div>NO_PWAGE</div><div>REAPCHILD</div><div>RETSIGTYPE RETSIGTYPE</div><div>SHADOW_PASSWORDS</div><div>SIGTSTP</div><div>SIGTTIN</div><div>SIGTTOU</div><div>SO_REUSEADDR</div><div>STRERROR</div><div>TAC_PLUS_PORT</div><div>UENABLE</div><div>__STDC__</div><div><br></div><div>I am getting the buffer overflow when the deny-configuration is longer that 235 characters</div><div><br></div><div>WORKS:</div><div><br></div><div>deny-configuration = "access|access-profile|accounting-options|applications|apply-groups|bridge-domains|chassis|class-of-service|diameter|dynamic-profiles|event-options|fabric|firewall|forwarding-options|groups|interfaces|jsrc|jsrc-partition|logical-systems"<br></div><div><br></div><div><br></div><div>FAILS:</div><div><br></div><div><div>deny-configuration = "access|access-profile|accounting-options|applications|apply-groups|bridge-domains|chassis|class-of-service|diameter|dynamic-profiles|event-options|fabric|firewall|forwarding-options|groups|interfaces|jsrc|jsrc-partition|logical-systems1"<br></div></div><div><br></div><div>Any suggestion how to increase the max length allowed?</div><div><br></div><div>Here is the backtrace</div><div><br></div><div><div>group = autoload {</div><div><span class="" style="white-space:pre"> </span>service = junos-exec {</div><div><span class="" style="white-space:pre"> </span>local-user-name = autoload</div><div><span class="" style="white-space:pre"> </span># class view_config_only</div><div><span class="" style="white-space:pre"> </span>allow-commands = "^(request system snapshot|request pfe|file (show|delete)|file checksum md5|commit|configure (private|exclusive))"</div><div><span class="" style="white-space:pre"> </span>deny-commands = "^(request|test|file|configure|start shell pfe direct)"</div><div><span class="" style="white-space:pre"> </span>allow-configuration = "policy-options|routing-options fate-sharing|load set"</div><div><span class="" style="white-space:pre"> </span>deny-configuration = "access|access-profile|accounting-options|applications|apply-groups|bridge-domains|chassis|class-of-service|diameter|dynamic-profiles|event-options|fabric|firewall|forwarding-options|groups|interfaces|jsrc|jsrc-partition|logical-systems1"</div><div>*** buffer overflow detected ***: /usr/local/sbin/tac_plus terminated</div><div>======= Backtrace: =========</div><div>/lib/libc.so.6(__fortify_fail+0x37)[0x7fa4d9e16ec7]</div><div>/lib/libc.so.6(+0x102d80)[0x7fa4d9e15d80]</div><div>/lib/libc.so.6(+0x101c37)[0x7fa4d9e14c37]</div><div>/usr/local/sbin/tac_plus[0x406111]</div><div>/usr/local/sbin/tac_plus[0x40612c]</div><div>======= Memory map: ========</div><div>00400000-00418000 r-xp 00000000 fc:13 130465 /usr/local/sbin/tac_plus</div><div>00618000-00619000 r--p 00018000 fc:13 130465 /usr/local/sbin/tac_plus</div><div>00619000-0061a000 rw-p 00019000 fc:13 130465 /usr/local/sbin/tac_plus</div><div>0061a000-0061d000 rw-p 00000000 00:00 0 </div><div>00d2f000-00d50000 rw-p 00000000 00:00 0 [heap]</div><div>7fa4d98f8000-7fa4d990e000 r-xp 00000000 fc:0e 391061 /lib/libgcc_s.so.1</div><div>7fa4d990e000-7fa4d9b0d000 ---p 00016000 fc:0e 391061 /lib/libgcc_s.so.1</div><div>7fa4d9b0d000-7fa4d9b0e000 r--p 00015000 fc:0e 391061 /lib/libgcc_s.so.1</div><div>7fa4d9b0e000-7fa4d9b0f000 rw-p 00016000 fc:0e 391061 /lib/libgcc_s.so.1</div><div>7fa4d9b0f000-7fa4d9b11000 r-xp 00000000 fc:0e 420185 /lib/<a href="http://libdl-2.11.1.so">libdl-2.11.1.so</a></div><div>7fa4d9b11000-7fa4d9d11000 ---p 00002000 fc:0e 420185 /lib/<a href="http://libdl-2.11.1.so">libdl-2.11.1.so</a></div><div>7fa4d9d11000-7fa4d9d12000 r--p 00002000 fc:0e 420185 /lib/<a href="http://libdl-2.11.1.so">libdl-2.11.1.so</a></div><div>7fa4d9d12000-7fa4d9d13000 rw-p 00003000 fc:0e 420185 /lib/<a href="http://libdl-2.11.1.so">libdl-2.11.1.so</a></div><div>7fa4d9d13000-7fa4d9e92000 r-xp 00000000 fc:0e 420187 /lib/<a href="http://libc-2.11.1.so">libc-2.11.1.so</a></div><div>7fa4d9e92000-7fa4da092000 ---p 0017f000 fc:0e 420187 /lib/<a href="http://libc-2.11.1.so">libc-2.11.1.so</a></div><div>7fa4da092000-7fa4da096000 r--p 0017f000 fc:0e 420187 /lib/<a href="http://libc-2.11.1.so">libc-2.11.1.so</a></div><div>7fa4da096000-7fa4da097000 rw-p 00183000 fc:0e 420187 /lib/<a href="http://libc-2.11.1.so">libc-2.11.1.so</a></div><div>7fa4da097000-7fa4da09c000 rw-p 00000000 00:00 0 </div><div>7fa4da09c000-7fa4da0b4000 r-xp 00000000 fc:0e 420166 /lib/<a href="http://libpthread-2.11.1.so">libpthread-2.11.1.so</a></div><div>7fa4da0b4000-7fa4da2b3000 ---p 00018000 fc:0e 420166 /lib/<a href="http://libpthread-2.11.1.so">libpthread-2.11.1.so</a></div><div>7fa4da2b3000-7fa4da2b4000 r--p 00017000 fc:0e 420166 /lib/<a href="http://libpthread-2.11.1.so">libpthread-2.11.1.so</a></div><div>7fa4da2b4000-7fa4da2b5000 rw-p 00018000 fc:0e 420166 /lib/<a href="http://libpthread-2.11.1.so">libpthread-2.11.1.so</a></div><div>7fa4da2b5000-7fa4da2b9000 rw-p 00000000 00:00 0 </div><div>7fa4da2b9000-7fa4da2c2000 r-xp 00000000 fc:0e 420168 /lib/<a href="http://libcrypt-2.11.1.so">libcrypt-2.11.1.so</a></div><div>7fa4da2c2000-7fa4da4c2000 ---p 00009000 fc:0e 420168 /lib/<a href="http://libcrypt-2.11.1.so">libcrypt-2.11.1.so</a></div><div>7fa4da4c2000-7fa4da4c3000 r--p 00009000 fc:0e 420168 /lib/<a href="http://libcrypt-2.11.1.so">libcrypt-2.11.1.so</a></div><div>7fa4da4c3000-7fa4da4c4000 rw-p 0000a000 fc:0e 420168 /lib/<a href="http://libcrypt-2.11.1.so">libcrypt-2.11.1.so</a></div><div>7fa4da4c4000-7fa4da4f2000 rw-p 00000000 00:00 0 </div><div>7fa4da4f2000-7fa4da509000 r-xp 00000000 fc:0e 420167 /lib/<a href="http://libnsl-2.11.1.so">libnsl-2.11.1.so</a></div><div>7fa4da509000-7fa4da708000 ---p 00017000 fc:0e 420167 /lib/<a href="http://libnsl-2.11.1.so">libnsl-2.11.1.so</a></div><div>7fa4da708000-7fa4da709000 r--p 00016000 fc:0e 420167 /lib/<a href="http://libnsl-2.11.1.so">libnsl-2.11.1.so</a></div><div>7fa4da709000-7fa4da70a000 rw-p 00017000 fc:0e 420167 /lib/<a href="http://libnsl-2.11.1.so">libnsl-2.11.1.so</a></div><div>7fa4da70a000-7fa4da70c000 rw-p 00000000 00:00 0 </div><div>7fa4da70c000-7fa4da718000 r-xp 00000000 fc:0e 416207 /lib/libpam.so.0.82.2</div><div>7fa4da718000-7fa4da917000 ---p 0000c000 fc:0e 416207 /lib/libpam.so.0.82.2</div><div>7fa4da917000-7fa4da918000 r--p 0000b000 fc:0e 416207 /lib/libpam.so.0.82.2</div><div>7fa4da918000-7fa4da919000 rw-p 0000c000 fc:0e 416207 /lib/libpam.so.0.82.2</div><div>7fa4da919000-7fa4da970000 r-xp 00000000 fc:13 130686 /usr/local/lib/libtacacs.so.1.0.0</div><div>7fa4da970000-7fa4dab70000 ---p 00057000 fc:13 130686 /usr/local/lib/libtacacs.so.1.0.0</div><div>7fa4dab70000-7fa4dab71000 r--p 00057000 fc:13 130686 /usr/local/lib/libtacacs.so.1.0.0</div><div>7fa4dab71000-7fa4dab72000 rw-p 00058000 fc:13 130686 /usr/local/lib/libtacacs.so.1.0.0</div><div>7fa4dab72000-7fa4dab7b000 r-xp 00000000 fc:0e 396262 /lib/libwrap.so.0.7.6</div><div>7fa4dab7b000-7fa4dad7a000 ---p 00009000 fc:0e 396262 /lib/libwrap.so.0.7.6</div><div>7fa4dad7a000-7fa4dad7b000 r--p 00008000 fc:0e 396262 /lib/libwrap.so.0.7.6</div><div>7fa4dad7b000-7fa4dad7c000 rw-p 00009000 fc:0e 396262 /lib/libwrap.so.0.7.6</div><div>7fa4dad7c000-7fa4dad7d000 rw-p 00000000 00:00 0 </div><div>7fa4dad7d000-7fa4dad9d000 r-xp 00000000 fc:0e 420163 /lib/<a href="http://ld-2.11.1.so">ld-2.11.1.so</a></div><div>7fa4daf8e000-7fa4daf93000 rw-p 00000000 00:00 0 </div><div>7fa4daf99000-7fa4daf9c000 rw-p 00000000 00:00 0 </div><div>7fa4daf9c000-7fa4daf9d000 r--p 0001f000 fc:0e 420163 /lib/<a href="http://ld-2.11.1.so">ld-2.11.1.so</a></div><div>7fa4daf9d000-7fa4daf9e000 rw-p 00020000 fc:0e 420163 /lib/<a href="http://ld-2.11.1.so">ld-2.11.1.so</a></div><div>7fa4daf9e000-7fa4daf9f000 rw-p 00000000 00:00 0 </div><div>7fff675cd000-7fff675e2000 rw-p 00000000 00:00 0 [stack]</div><div>7fff675ff000-7fff67600000 r-xp 00000000 00:00 0 [vdso]</div><div>ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]</div><div>Aborted</div></div><div><br></div><div><br></div>-- <br><div>Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a><br>A: Because it messes up the order in which people normally read text.<br>Q: Why is top-posting such a bad thing?<br><br></div>
</div>