From owner-freebsd-security Sun May 12 6:12:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from cheer.mahoroba.org (flets19-004.kamome.or.jp [218.45.19.4]) by hub.freebsd.org (Postfix) with ESMTP id 88EE137B406 for ; Sun, 12 May 2002 06:12:34 -0700 (PDT) Received: from mille.mahoroba.org (IDENT:SNxXUT0Isb/DjlS/roS0zukjzVHz36etAk09LNmoDEn1IovrWArUZMXqbZJegDHY@mille.mahoroba.org [IPv6:2001:200:301:0:202:2dff:fe0a:6bee]) (user=ume mech=CRAM-MD5 bits=0) by cheer.mahoroba.org (8.12.3/8.12.3) with ESMTP/inet6 id g4CDCVLR071264 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Sun, 12 May 2002 22:12:31 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Sun, 12 May 2002 22:12:28 +0900 Message-ID: From: Hajimu UMEMOTO To: quak@mydiax.ch Cc: freebsd-security@FreeBSD.org Subject: Re: IPSEC: is ipcomp broken in 4.5-stable ? In-Reply-To: <200205121250.g4CComR07757@dubb04h05-0.dplanet.ch> References: <200205121250.g4CComR07757@dubb04h05-0.dplanet.ch> User-Agent: xcite1.38> Wanderlust/2.8.1 (Something) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/21.2 (i386--freebsd) MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=) X-Operating-System: FreeBSD 4.6-PRERELEASE MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, >>>>> On Sun, 12 May 2002 14:50:48 +0200 >>>>> quak@mydiax.ch said: quak> Nop, patch says: quak> Hunk #1 failed at 252. quak> My kernel sources are from the original 4.5 CD (Image). Okay, this patch is against ipcomp_core.c of 4.5-RELEASE. Index: ipcomp_core.c diff -u ipcomp_core.c.orig ipcomp_core.c --- ipcomp_core.c.orig Sun May 12 22:06:25 2002 +++ ipcomp_core.c Sun May 12 22:09:42 2002 @@ -252,14 +252,17 @@ MOREBLOCK(); } - zerror = mode ? inflate(&zs, Z_FINISH) + zerror = mode ? inflate(&zs, Z_SYNC_FLUSH) : deflate(&zs, Z_FINISH); if (zerror == Z_STREAM_END) break; - else if (zerror == Z_OK) - ; /*once more.*/ - else { + else if (zerror == Z_OK) { + if (mode && zs.avail_out != 0) + goto terminate; + else + ; /* once more. */ + } else { if (zs.msg) { ipseclog((LOG_ERR, "ipcomp_%scompress: " "%sflate(Z_FINISH): %s\n", -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message