[tac_plus] *** buffer overflow detected ***: /usr/local/sbin/tac_plus terminated

Asif Iqbal vadud3 at gmail.com
Wed Feb 24 19:53:13 UTC 2016


# /usr/local/sbin/tac_plus -v
tac_plus version F4.0.4.28
ACLS
FIONBIO
LIBWRAP
LINUX
LITTLE_ENDIAN
LOG_DAEMON
PAM
NO_PWAGE
REAPCHILD
RETSIGTYPE RETSIGTYPE
SHADOW_PASSWORDS
SIGTSTP
SIGTTIN
SIGTTOU
SO_REUSEADDR
STRERROR
TAC_PLUS_PORT
UENABLE
__STDC__

I am getting the buffer overflow when the deny-configuration is longer that
235 characters

WORKS:

deny-configuration =
"access|access-profile|accounting-options|applications|apply-groups|bridge-domains|chassis|class-of-service|diameter|dynamic-profiles|event-options|fabric|firewall|forwarding-options|groups|interfaces|jsrc|jsrc-partition|logical-systems"


FAILS:

deny-configuration =
"access|access-profile|accounting-options|applications|apply-groups|bridge-domains|chassis|class-of-service|diameter|dynamic-profiles|event-options|fabric|firewall|forwarding-options|groups|interfaces|jsrc|jsrc-partition|logical-systems1"

Any suggestion how to increase the max length allowed?

Here is the backtrace

group = autoload {
service = junos-exec {
local-user-name = autoload
# class view_config_only
allow-commands = "^(request system snapshot|request pfe|file
(show|delete)|file checksum md5|commit|configure (private|exclusive))"
deny-commands = "^(request|test|file|configure|start shell pfe direct)"
allow-configuration = "policy-options|routing-options fate-sharing|load set"
deny-configuration =
"access|access-profile|accounting-options|applications|apply-groups|bridge-domains|chassis|class-of-service|diameter|dynamic-profiles|event-options|fabric|firewall|forwarding-options|groups|interfaces|jsrc|jsrc-partition|logical-systems1"
*** buffer overflow detected ***: /usr/local/sbin/tac_plus terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fa4d9e16ec7]
/lib/libc.so.6(+0x102d80)[0x7fa4d9e15d80]
/lib/libc.so.6(+0x101c37)[0x7fa4d9e14c37]
/usr/local/sbin/tac_plus[0x406111]
/usr/local/sbin/tac_plus[0x40612c]
======= Memory map: ========
00400000-00418000 r-xp 00000000 fc:13 130465
/usr/local/sbin/tac_plus
00618000-00619000 r--p 00018000 fc:13 130465
/usr/local/sbin/tac_plus
00619000-0061a000 rw-p 00019000 fc:13 130465
/usr/local/sbin/tac_plus
0061a000-0061d000 rw-p 00000000 00:00 0
00d2f000-00d50000 rw-p 00000000 00:00 0
 [heap]
7fa4d98f8000-7fa4d990e000 r-xp 00000000 fc:0e 391061
/lib/libgcc_s.so.1
7fa4d990e000-7fa4d9b0d000 ---p 00016000 fc:0e 391061
/lib/libgcc_s.so.1
7fa4d9b0d000-7fa4d9b0e000 r--p 00015000 fc:0e 391061
/lib/libgcc_s.so.1
7fa4d9b0e000-7fa4d9b0f000 rw-p 00016000 fc:0e 391061
/lib/libgcc_s.so.1
7fa4d9b0f000-7fa4d9b11000 r-xp 00000000 fc:0e 420185
/lib/libdl-2.11.1.so
7fa4d9b11000-7fa4d9d11000 ---p 00002000 fc:0e 420185
/lib/libdl-2.11.1.so
7fa4d9d11000-7fa4d9d12000 r--p 00002000 fc:0e 420185
/lib/libdl-2.11.1.so
7fa4d9d12000-7fa4d9d13000 rw-p 00003000 fc:0e 420185
/lib/libdl-2.11.1.so
7fa4d9d13000-7fa4d9e92000 r-xp 00000000 fc:0e 420187
/lib/libc-2.11.1.so
7fa4d9e92000-7fa4da092000 ---p 0017f000 fc:0e 420187
/lib/libc-2.11.1.so
7fa4da092000-7fa4da096000 r--p 0017f000 fc:0e 420187
/lib/libc-2.11.1.so
7fa4da096000-7fa4da097000 rw-p 00183000 fc:0e 420187
/lib/libc-2.11.1.so
7fa4da097000-7fa4da09c000 rw-p 00000000 00:00 0
7fa4da09c000-7fa4da0b4000 r-xp 00000000 fc:0e 420166
/lib/libpthread-2.11.1.so
7fa4da0b4000-7fa4da2b3000 ---p 00018000 fc:0e 420166
/lib/libpthread-2.11.1.so
7fa4da2b3000-7fa4da2b4000 r--p 00017000 fc:0e 420166
/lib/libpthread-2.11.1.so
7fa4da2b4000-7fa4da2b5000 rw-p 00018000 fc:0e 420166
/lib/libpthread-2.11.1.so
7fa4da2b5000-7fa4da2b9000 rw-p 00000000 00:00 0
7fa4da2b9000-7fa4da2c2000 r-xp 00000000 fc:0e 420168
/lib/libcrypt-2.11.1.so
7fa4da2c2000-7fa4da4c2000 ---p 00009000 fc:0e 420168
/lib/libcrypt-2.11.1.so
7fa4da4c2000-7fa4da4c3000 r--p 00009000 fc:0e 420168
/lib/libcrypt-2.11.1.so
7fa4da4c3000-7fa4da4c4000 rw-p 0000a000 fc:0e 420168
/lib/libcrypt-2.11.1.so
7fa4da4c4000-7fa4da4f2000 rw-p 00000000 00:00 0
7fa4da4f2000-7fa4da509000 r-xp 00000000 fc:0e 420167
/lib/libnsl-2.11.1.so
7fa4da509000-7fa4da708000 ---p 00017000 fc:0e 420167
/lib/libnsl-2.11.1.so
7fa4da708000-7fa4da709000 r--p 00016000 fc:0e 420167
/lib/libnsl-2.11.1.so
7fa4da709000-7fa4da70a000 rw-p 00017000 fc:0e 420167
/lib/libnsl-2.11.1.so
7fa4da70a000-7fa4da70c000 rw-p 00000000 00:00 0
7fa4da70c000-7fa4da718000 r-xp 00000000 fc:0e 416207
/lib/libpam.so.0.82.2
7fa4da718000-7fa4da917000 ---p 0000c000 fc:0e 416207
/lib/libpam.so.0.82.2
7fa4da917000-7fa4da918000 r--p 0000b000 fc:0e 416207
/lib/libpam.so.0.82.2
7fa4da918000-7fa4da919000 rw-p 0000c000 fc:0e 416207
/lib/libpam.so.0.82.2
7fa4da919000-7fa4da970000 r-xp 00000000 fc:13 130686
/usr/local/lib/libtacacs.so.1.0.0
7fa4da970000-7fa4dab70000 ---p 00057000 fc:13 130686
/usr/local/lib/libtacacs.so.1.0.0
7fa4dab70000-7fa4dab71000 r--p 00057000 fc:13 130686
/usr/local/lib/libtacacs.so.1.0.0
7fa4dab71000-7fa4dab72000 rw-p 00058000 fc:13 130686
/usr/local/lib/libtacacs.so.1.0.0
7fa4dab72000-7fa4dab7b000 r-xp 00000000 fc:0e 396262
/lib/libwrap.so.0.7.6
7fa4dab7b000-7fa4dad7a000 ---p 00009000 fc:0e 396262
/lib/libwrap.so.0.7.6
7fa4dad7a000-7fa4dad7b000 r--p 00008000 fc:0e 396262
/lib/libwrap.so.0.7.6
7fa4dad7b000-7fa4dad7c000 rw-p 00009000 fc:0e 396262
/lib/libwrap.so.0.7.6
7fa4dad7c000-7fa4dad7d000 rw-p 00000000 00:00 0
7fa4dad7d000-7fa4dad9d000 r-xp 00000000 fc:0e 420163
/lib/ld-2.11.1.so
7fa4daf8e000-7fa4daf93000 rw-p 00000000 00:00 0
7fa4daf99000-7fa4daf9c000 rw-p 00000000 00:00 0
7fa4daf9c000-7fa4daf9d000 r--p 0001f000 fc:0e 420163
/lib/ld-2.11.1.so
7fa4daf9d000-7fa4daf9e000 rw-p 00020000 fc:0e 420163
/lib/ld-2.11.1.so
7fa4daf9e000-7fa4daf9f000 rw-p 00000000 00:00 0
7fff675cd000-7fff675e2000 rw-p 00000000 00:00 0
 [stack]
7fff675ff000-7fff67600000 r-xp 00000000 00:00 0
 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
 [vsyscall]
Aborted


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20160224/06fbd32c/attachment.html>


More information about the tac_plus mailing list