Subject: Re: Very interesting traceroute flaw (fwd)
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Frederick Bruckman <fb@enteract.com>
List: tech-security
Date: 09/29/2000 07:56:11
Date: Fri, 29 Sep 2000 07:56:11 -0500 (CDT)
cc: abs@purplei.com, tech-security@netbsd.org
In-Reply-To: <Pine.GSO.4.21.0009291411220.24129-100000@rfhpc8320.fh-regensburg.de>
Message-ID: <Pine.NEB.4.21.0009290755180.19864-100000@handy.localnet>

On Fri, 29 Sep 2000, Hubert Feyrer wrote:

> On Fri, 29 Sep 2000 abs@purplei.com wrote:
> > 	Looks like our traceroute uses strsave on hi->name in traceroute.c
> > 	and then later frees it - could be an issue?
> 
> noon% traceroute -g 1 -g 1
> traceroute in free(): warning: page is already free.
> Version 1.4a5
> Usage: traceroute [-dDFPIlnrvx] [-g gateway] [-i iface] [-f first_ttl] [-m max_ttl]
>         [ -p port] [-q nqueries] [-s src_addr] [-t tos] [-w waittime]
>         host [packetlen]
> 
> That's a bit older 1.5_ALPHA2.

Not even an error message with 1.4.3...

fredb@handy-> traceroute -g 1 -g 1
Version 1.4a5
Usage: traceroute [-dDFPIlnrvx] [-g gateway] [-i iface] [-f first_ttl] [-m max_ttl]
        [ -p port] [-q nqueries] [-s src_addr] [-t tos] [-w waittime]
        host [packetlen]
fredb@handy-> uname -rm
1.4.3 i386