From e47ddddf3c498e1318c5f77be2aacfff4a775b02 Mon Sep 17 00:00:00 2001
From: ian <ian>
Date: Thu, 27 Jul 2000 00:08:33 +0000
Subject: [PATCH] @@ -1,8 +1,14 @@ -userv (1.0.1) unstable; urgency=low +userv
 (1.0.1) stable frozen unstable; urgency=high

+  IMPORTANT SECURITY FIX:
+  * fd swapping algorithm would sometimes corrupt security-critical data
+    used to generate the service program's USERV_ environment variables.
+    For details see the 1.0.1 announcement in the userv-announce archives.
+
+  Portability improvement:
   * Look for `md5' as well as `md5sum' - installs easier on BSDs.

- --
+ -- Ian Jackson <ian@davenant.greenend.org.uk>  Thu, 27 Jul 2000 01:06:30 +0100

 userv (1.0.0) unstable; urgency=low
---
 Makefile.in      |   2 +-
 configure        |  18 ++---
 configure.in     |   2 +-
 debian/changelog |  10 ++-
 servexec.c       |   3 +-
 spec.ps          | 174 +++++++++++++++++++++++------------------------
 6 files changed, 107 insertions(+), 102 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 9d04c2b..90972fd 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -28,7 +28,7 @@ LDLIBS=@DEBUGLIBS@ @LIBS@ $(XLDLIBS)
 M4=m4
 M4FLAGS=
 LEX=flex
-MD5SUM=@MD5SUM@
+MD5SUM=@MD5SUM_SIMPLE@
 CWD=$(shell pwd)
 
 INSTALL_GROUP=root
diff --git a/configure b/configure
index 4359deb..e2aa0a0 100755
--- a/configure
+++ b/configure
@@ -861,31 +861,31 @@ do
 set dummy $ac_prog; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
 echo "configure:864: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_prog_MD5SUM'+set}'`\" = set"; then
+if eval "test \"`echo '$''{'ac_cv_prog_MD5SUM_SIMPLE'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
-  if test -n "$MD5SUM"; then
-  ac_cv_prog_MD5SUM="$MD5SUM" # Let the user override the test.
+  if test -n "$MD5SUM_SIMPLE"; then
+  ac_cv_prog_MD5SUM_SIMPLE="$MD5SUM_SIMPLE" # Let the user override the test.
 else
   IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:"
   for ac_dir in $PATH; do
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
-      ac_cv_prog_MD5SUM="$ac_prog"
+      ac_cv_prog_MD5SUM_SIMPLE="$ac_prog"
       break
     fi
   done
   IFS="$ac_save_ifs"
 fi
 fi
-MD5SUM="$ac_cv_prog_MD5SUM"
-if test -n "$MD5SUM"; then
-  echo "$ac_t""$MD5SUM" 1>&6
+MD5SUM_SIMPLE="$ac_cv_prog_MD5SUM_SIMPLE"
+if test -n "$MD5SUM_SIMPLE"; then
+  echo "$ac_t""$MD5SUM_SIMPLE" 1>&6
 else
   echo "$ac_t""no" 1>&6
 fi
 
-test -n "$MD5SUM" && break
+test -n "$MD5SUM_SIMPLE" && break
 done
 
 
@@ -1618,7 +1618,7 @@ s%@CC@%$CC%g
 s%@CPP@%$CPP%g
 s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
 s%@INSTALL_DATA@%$INSTALL_DATA%g
-s%@MD5SUM@%$MD5SUM%g
+s%@MD5SUM_SIMPLE@%$MD5SUM_SIMPLE%g
 s%@OPTIMISE@%$OPTIMISE%g
 s%@CWARNS@%$CWARNS%g
 s%@VERSION@%$VERSION%g
diff --git a/configure.in b/configure.in
index 4aa9797..bc0263f 100644
--- a/configure.in
+++ b/configure.in
@@ -41,7 +41,7 @@ AC_ARG_ENABLE(debug,
 AC_PROG_CC
 AC_PROG_CPP
 AC_PROG_INSTALL
-AC_CHECK_PROGS(MD5SUM, md5sum md5)
+AC_CHECK_PROGS(MD5SUM_SIMPLE, md5sum md5)
 
 CFLAGS="$CFLAGS -D_GNU_SOURCE"
 
diff --git a/debian/changelog b/debian/changelog
index 7357b88..18aeeea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,14 @@
-userv (1.0.1) unstable; urgency=low
+userv (1.0.1) stable frozen unstable; urgency=high
 
+  IMPORTANT SECURITY FIX:
+  * fd swapping algorithm would sometimes corrupt security-critical data
+    used to generate the service program's USERV_ environment variables.
+    For details see the 1.0.1 announcement in the userv-announce archives.
+
+  Portability improvement:
   * Look for `md5' as well as `md5sum' - installs easier on BSDs.
 
- --
+ -- Ian Jackson <ian@davenant.greenend.org.uk>  Thu, 27 Jul 2000 01:06:30 +0100
 
 userv (1.0.0) unstable; urgency=low
 
diff --git a/servexec.c b/servexec.c
index 82b89e5..01353cd 100644
--- a/servexec.c
+++ b/servexec.c
@@ -266,7 +266,8 @@ void execservice(const int synchsocket[], int clientfd) {
     fdarray[fd].holdfd= -1;
   }
   for (fd=0; fd<fdarrayused; fd++) {
-    if (fdarray[fd].realfd < fdarrayused) fdarray[fdarray[fd].realfd].holdfd= fd;
+    if (fdarray[fd].realfd < fdarrayused && fdarray[fd].realfd >= 0)
+      fdarray[fdarray[fd].realfd].holdfd= fd;
   }
   for (fd=0; fd<fdarrayused; fd++) {
     realfd= fdarray[fd].realfd;
diff --git a/spec.ps b/spec.ps
index e4a5369..9277903 100644
--- a/spec.ps
+++ b/spec.ps
@@ -1,6 +1,6 @@
 %!PS-Adobe-3.0
 %%Creator: Basser Lout Version 3.10 (November 1996)
-%%CreationDate: Wed Jun 28 01:12:19 2000
+%%CreationDate: Thu Jul 27 00:59:08 2000
 %%DocumentData: Binary
 %%DocumentNeededResources: (atend)
 %%DocumentMedia: Plain 595 842 0 white ()
@@ -261,15 +261,15 @@ gsave
 gsave
 1 LoutMargSet
 grestore
-240 fnt84 8959 13842(1)m 340 fnt84 1359 12943(User)m 2118(ser)s 3(vice)k
-3190(daemon)s 4421(and)s 5047(client)s 5922(speci\207cation)s 200 fnt82
-2792 12427(Ian)m 3093(Jackson)s gsave
-3770 12472 translate
+340 fnt84 1359 13772(User)m 2118(ser)s 3(vice)k 3190(daemon)s
+4421(and)s 5047(client)s 5922(speci\207cation)s 200 fnt82 2792 13256(Ian)m
+3093(Jackson)s gsave
+3770 13301 translate
 0.6953 1.0000 scale
 200 fnt31 1031 -43(<ian@davenant.greenend.org.uk>)m 
 grestore
-240 fnt82
-4305 11926(1.0.1)m 9066 609 0 609 240 240 60 0 10666 LoutGr2
+240 fnt82 4305 12755(1.0.1)m
+9066 609 0 609 240 240 60 0 11495 LoutGr2
 newpath 0 ysize 0.3 ft sub moveto
 xsize 0 rlineto
 0 0.1 ft rlineto
@@ -278,123 +278,125 @@ closepath fill
 grestore
 320 fnt84 0 5(0.1.)m 628(Abstract)s 
 grestore
-0 10372(This)m
-476(is)s 686(a)s 852(speci\207cation)s 2117(for)s 2455(a)s
-2621(Unix)s 3155(system)s 3879(f)s 2(acility)k 4606(to)s
-4845(allo)s 6(w)k 5424(one)s 5826(program)s 6696(to)s
-6935(in)s 9(v)k 4(ok)k 2(e)k 7628(another)s
-8405(when)s 0 10132(only)m 480(limited)s 1214(trust)s 1698(e)s 3(xists)k
-2290(between)s 3144(them.)s 9066 670 0 670 240 240 60 0 9108 LoutGr2
+0 11201(This)m 476(is)s
+686(a)s 852(speci\207cation)s 2117(for)s 2455(a)s 2621(Unix)s
+3155(system)s 3879(f)s 2(acility)k 4606(to)s 4845(allo)s 6(w)k
+5424(one)s 5826(program)s 6696(to)s 6935(in)s 9(v)k 4(ok)k 2(e)k
+7628(another)s 8405(when)s 0 10961(only)m 480(limited)s 1214(trust)s
+1698(e)s 3(xists)k 2290(between)s 3144(them.)s 9066 670 0 670 240 240 60 0 9937 LoutGr2
 newpath 0 ysize 0.3 ft sub moveto
 xsize 0 rlineto
 0 0.1 ft rlineto
 xsize neg 0 rlineto
 closepath fill
 grestore
-320 fnt84 0 66(0.2.)m 628(Copyright)s
-2109(Notice)s 
+320 fnt84
+0 66(0.2.)m 628(Copyright)s 2109(Notice)s 
 grestore
 gsave
-0 8868 translate
-0.6953 1.0000 scale
-240 fnt31 0 -52(userv)m 
-grestore
-560 8814(is)m 770(Cop)s 2(yright)k
-1799(1996-1999)s 2889(Ian)s 3251(Jackson.)s gsave
-0 8460 translate
+0 9697 translate
 0.6953 1.0000 scale
 240 fnt31 0 -52(userv)m
 
 grestore
-544 8406(is)m 737(free)s 1146(softw)s 2(are;)k 2062(you)s
-2460(can)s 2832(redistrib)s 4(ute)k 3955(it)s 4130(and/or)s
-4784(modify)s 5512(it)s 5688(under)s 6276(the)s 6607(terms)s
-7172(of)s 7426(the)s 7757(GNU)s 8315(General)s 0 8166(Public)m
-659(License)s 1453(as)s 1698(published)s 2682(by)s 2971(the)s
-3314(Free)s 3789(Softw)s 2(are)k 4699(F)s 3(oundation;)k
-5894(either)s 6492(v)s 3(ersion)k 7245(2)s 7414(of)s
-7680(the)s 8023(License,)s 8867(or)s 0 7926(\(at)m 311(your)s
-810(option\))s 1550(an)s 3(y)k 1947(later)s 2430(v)s 3(ersion.)k
-0 7518(This)m 476(program)s 1346(is)s 1556(distrib)s 4(uted)k
-2632(in)s 2875(the)s 3223(hope)s 3745(that)s 4163(it)s
-4355(will)s 4781(be)s 5063(useful,)s 5754(b)s 4(ut)k
-240 fnt83 6116 7520(without)m 6898(any)s 7300(warr)s 3(anty)k
-240 fnt82 8171 7518(;)m 8283(without)s 0 7277(e)m 6(v)k 3(en)k
-500(the)s 848(implied)s 1636(w)s 2(arranty)k 2537(of)s
-240 fnt83 2808 7279(mer)m 8(c)k 3(hantability)k 240 fnt82
-4367 7277(or)m 240 fnt83 4626 7279(\207tness)m 5279(for)s 5623(a)s
-5798(particular)s 6833(purpose)s 240 fnt82 7598 7277(.)m 7702(See)s
-8103(the)s 8451(GNU)s 0 7037(General)m 811(Public)s 1475(License)s
-2274(for)s 2612(more)s 3159(details.)s 0 6629(Y)m 26(ou)k
-442(should)s 1139(ha)s 4(v)k 3(e)k 1640(re)s
-1821(cei)s 6(v)k 3(ed)k 2494(a)s 2660(cop)s 2(y)k
-3178(of)s 3449(the)s 3797(GNU)s 4372(Gen)s 4768(er)s
-4953(al)s 5180(Pub)s 5546(lic)s 5837(Li)s 6043(cense)s
-6630(along)s 7215(with)s gsave
-7697 6683 translate
+560 9643(is)m 770(Cop)s 2(yright)k 1799(1996-1999)s 2889(Ian)s
+3251(Jackson.)s gsave
+0 9289 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m 
+grestore
+544 9235(is)m 737(free)s
+1146(softw)s 2(are;)k 2062(you)s 2460(can)s 2832(redistrib)s 4(ute)k
+3955(it)s 4130(and/or)s 4784(modify)s 5512(it)s 5688(under)s
+6276(the)s 6607(terms)s 7172(of)s 7426(the)s 7757(GNU)s
+8315(General)s 0 8995(Public)m 659(License)s 1453(as)s 1698(published)s
+2682(by)s 2971(the)s 3314(Free)s 3789(Softw)s 2(are)k
+4699(F)s 3(oundation;)k 5894(either)s 6492(v)s 3(ersion)k
+7245(2)s 7414(of)s 7680(the)s 8023(License,)s 8867(or)s
+0 8755(\(at)m 311(your)s 810(option\))s 1550(an)s 3(y)k
+1947(later)s 2430(v)s 3(ersion.)k 0 8347(This)m 476(program)s
+1346(is)s 1556(distrib)s 4(uted)k 2632(in)s 2875(the)s
+3223(hope)s 3745(that)s 4163(it)s 4355(will)s 4781(be)s
+5063(useful,)s 5754(b)s 4(ut)k 240 fnt83 6116 8349(without)m
+6898(any)s 7300(warr)s 3(anty)k 240 fnt82 8171 8347(;)m
+8283(without)s 0 8106(e)m 6(v)k 3(en)k 500(the)s
+848(implied)s 1636(w)s 2(arranty)k 2537(of)s 240 fnt83
+2808 8108(mer)m 8(c)k 3(hantability)k 240 fnt82 4367 8106(or)m
+240 fnt83 4626 8108(\207tness)m 5279(for)s 5623(a)s 5798(particular)s
+6833(purpose)s 240 fnt82 7598 8106(.)m 7702(See)s 8103(the)s
+8451(GNU)s 0 7866(General)m 811(Public)s 1475(License)s 2274(for)s
+2612(more)s 3159(details.)s 0 7458(Y)m 26(ou)k 442(should)s
+1139(ha)s 4(v)k 3(e)k 1640(re)s 1821(cei)s 6(v)k 3(ed)k
+2494(a)s 2660(cop)s 2(y)k 3178(of)s 3449(the)s
+3797(GNU)s 4372(Gen)s 4768(er)s 4953(al)s 5180(Pub)s
+5546(lic)s 5837(Li)s 6043(cense)s 6630(along)s 7215(with)s
+gsave
+7697 7512 translate
 0.6953 1.0000 scale
 240 fnt31 0 -52(userv)m 
 grestore
-8197(;)s
-8309(if)s 8526(not,)s 0 6388(write)m 546(to)s 785(the)s
-1133(Free)s 1613(Soft)s 2011(w)s 2(are)k 2529(F)s 3(oun)k
-3016(da)s 3242(tion,)s 3721(59)s 4012(T)s 16(em)k
-4434(ple)s 4782(Place)s 5355(-)s 5483(Suite)s 6030(330,)s
-6497(Boston,)s 7283(MA)s 7726(02111-1307,)s 0 6148(USA.)m 9066 610 0 610 240 240 60 0 5184 LoutGr2
+8197(;)s 8309(if)s 8526(not,)s
+0 7217(write)m 546(to)s 785(the)s 1133(Free)s 1613(Soft)s
+2011(w)s 2(are)k 2529(F)s 3(oun)k 3016(da)s
+3242(tion,)s 3721(59)s 4012(T)s 16(em)k 4434(ple)s
+4782(Place)s 5355(-)s 5483(Suite)s 6030(330,)s 6497(Boston,)s
+7283(MA)s 7726(02111-1307,)s 0 6977(USA.)m 9066 610 0 610 240 240 60 0 6013 LoutGr2
 newpath 0 ysize 0.3 ft sub moveto
 xsize 0 rlineto
 0 0.1 ft rlineto
 xsize neg 0 rlineto
 closepath fill
 grestore
-320 fnt84
-0 6(0.3.)m 628(Contents)s 
+320 fnt84 0 6(0.3.)m
+628(Contents)s 
 grestore
-0 4890(1.)m 1200(Introduction)s 8962(3)s
-0 4663(2.)m 1200(Client)s 1844(program)s 2714(usage)s 8952(4)s
-0 4426(2.1.)m 1200(Options)s 8952(4)s 0 4189(2.2.)m 1200(Security-o)s 3(v)k 3(erriding)k
-3118(options)s 8958(7)s 0 3952(3.)m 1200(Ex)s 3(ecution)k
+0 5719(1.)m 1200(Introduction)s 8962(3)s 0 5492(2.)m
+1200(Client)s 1844(program)s 2714(usage)s 8952(4)s 0 5255(2.1.)m
+1200(Options)s 8952(4)s 0 5018(2.2.)m 1200(Security-o)s 3(v)k 3(erriding)k
+3118(options)s 8958(7)s 0 4781(3.)m 1200(Ex)s 3(ecution)k
 2224(en)s 9(vironment)k 3484(of)s 3755(the)s 4103(service)s
-4835(program)s 8959(8)s 0 3715(3.1.)m 1200(File)s 1627(descriptors)s
-8959(8)s 0 3478(3.2.)m 1200(En)s 9(vironment)k 8955(9)s
-0 3251(4.)m 1200(Service-side)s 2436(con\207guration)s 8831(10)s 0 3014(4.1.)m
-1200(Con\207guration)s 2587(\207le)s 2948(syntax)s 8831(10)s 0 2777(4.2.)m
+4835(program)s 8959(8)s 0 4544(3.1.)m 1200(File)s 1627(descriptors)s
+8959(8)s 0 4307(3.2.)m 1200(En)s 9(vironment)k 8955(9)s
+0 4080(4.)m 1200(Service-side)s 2436(con\207guration)s 8831(10)s 0 3843(4.1.)m
+1200(Con\207guration)s 2587(\207le)s 2948(syntax)s 8831(10)s 0 3606(4.2.)m
 1200(Con\207guration)s 2587(\207le)s 2948(directi)s 6(v)k 3(es)k
-8831(10)s 0 2539(4.3.)m 1200(Errors)s 1847(in)s 2090(the)s
-2438(con\207guration)s 3771(\207le)s 8833(16)s 0 2301(4.4.)m 1200(Def)s 2(aults)k
-8833(16)s 0 2074(5.)m 1200(Information)s 2398(passed)s 3094(through)s
-3896(the)s 4244(client/daemon)s 5655(combination)s 8839(18)s 0 1836(6.)m
+8831(10)s 0 3368(4.3.)m 1200(Errors)s 1847(in)s 2090(the)s
+2438(con\207guration)s 3771(\207le)s 8833(16)s 0 3130(4.4.)m 1200(Def)s 2(aults)k
+8833(16)s 0 2903(5.)m 1200(Information)s 2398(passed)s 3094(through)s
+3896(the)s 4244(client/daemon)s 5655(combination)s 8839(18)s 0 2665(6.)m
 1200(Applications)s 2473(and)s 2877(notes)s 3433(on)s 3730(use)s
-8831(20)s 0 1598(6.1.)m 1200(Standard)s 2108(services)s 2928(and)s
-3332(directory)s 4248(management)s 8831(20)s 0 1360(6.2.)m 1200(Reducing)s
+8831(20)s 0 2427(6.1.)m 1200(Standard)s 2108(services)s 2928(and)s
+3332(directory)s 4248(management)s 8831(20)s 0 2189(6.2.)m 1200(Reducing)s
 2171(the)s 2519(number)s 3310(of)s 3581(absolutely)s 4618(pri)s 6(vile)k 3(ged)k
-5636(subsystems)s 8831(20)s 0 1122(6.3.)m 1200(Do)s 1546(not)s
+5636(subsystems)s 8831(20)s 0 1951(6.3.)m 1200(Do)s 1546(not)s
 1912(gi)s 6(v)k 3(e)k 2371(a)s 3(w)k 2(ay)k
 2925(e)s 3(xcessi)k 6(v)k 3(e)k 3885(pri)s 6(vile)k 3(ge)k
 4781(to)s gsave
-5020 1176 translate
+5020 2005 translate
 0.6953 1.0000 scale
 240 fnt31 0 -52(userv)m 
 grestore
 5520(-using)s 6171(f)s 2(acilities)k
-8831(20)s 0 884(6.4.)m gsave
-1200 938 translate
+8831(20)s 0 1713(6.4.)m gsave
+1200 1767 translate
 0.6953 1.0000 scale
 240 fnt31 0 -52(userv)m 
 grestore
 1760(is)s
 1970(not)s 2336(a)s 2502(replacement)s 3729(for)s gsave
-4067 938 translate
+4067 1767 translate
 0.6953 1.0000 scale
 240 fnt31
 0 -52(really)m 
 grestore
 4727(and)s gsave
-5131 938 translate
+5131 1767 translate
 0.6953 1.0000 scale
 240 fnt31 0 -52(sudo)m 
 grestore
 8851(21)s
+0 1474(6.5.)m 1200(Don')s 4(t)k 1814(gi)s 6(v)k 3(e)k
+2273(access)s 2934(to)s 3173(general-purpose)s 4769(utilities)s 8851(21)s
 0 52(User)m 511(service)s 1243(daemon)s 2058(and)s 2462(client)s
 3052(speci\207cation)s 8611(1.0.1)s 
 grestore
@@ -433,9 +435,7 @@ gsave
 gsave
 0 LoutMargSet
 grestore
-240 fnt84 0 13842(2)m 240 fnt82 0 13252(6.5.)m 1200(Don')s 4(t)k
-1814(gi)s 6(v)k 3(e)k 2273(access)s 2934(to)s
-3173(general-purpose)s 4769(utilities)s 8851(21)s 0 52(1.0.1)m 4809(User)s
+240 fnt84 0 13842(2)m 240 fnt82 0 52(1.0.1)m 4809(User)s
 5320(service)s 6052(daemon)s 6867(and)s 7271(client)s 7861(speci\207cation)s
 
 grestore
@@ -5672,7 +5672,6 @@ showpage
 %%Page: 22 22
 %%BeginPageSetup
 %%PageResources: font Times-Roman
-%%+ font Times-Bold
 %%+ font Courier-Bold
 /pgsave save def
 0.0500 dup scale 10 setlinewidth
@@ -5699,15 +5698,14 @@ gsave
 gsave
 0 LoutMargSet
 grestore
-240 fnt84 0 13842(22)m 240 fnt82 0 13254(mistak)m 2(es)k
-885(with)s 1367(programs)s 2321(lik)s 2(e)k gsave
-2733 13308 translate
+0 13844(??)m 0 13255(mistak)m 2(es)k 885(with)s 1367(programs)s
+2321(lik)s 2(e)k gsave
+2733 13309 translate
 0.6953 1.0000 scale
-240 fnt31
-0 -52(sudo)m 
+240 fnt31 0 -52(sudo)m 
 grestore
-3133(.)s 0 52(1.0.1)m 4809(User)s 5320(service)s
-6052(daemon)s 6867(and)s 7271(client)s 7861(speci\207cation)s 
+3133(.)s
+
 grestore
 
 grestore
-- 
2.30.2