Date: Thu, 29 Jan 2004 11:12:20 +1100 (EST)
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/62050: [PATCH] Incorrect expansion of "MYADDR" in ppp(8)
Message-ID: <200401290012.i0T0CKvR052873@gsmx07.alcatel.com.au>
Resent-Message-ID: <200401290020.i0T0KBOq066416@freefall.freebsd.org>
>Number: 62050
>Category: bin
>Synopsis: [PATCH] Incorrect expansion of "MYADDR" in ppp(8)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 28 16:20:11 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Peter Jeremy
>Release: FreeBSD 4.9-RELEASE-p1 i386
>Organization: Alcatel Australia Limited
>Environment:
System: FreeBSD gsmx07.alcatel.com.au 4.9-RELEASE-p1 FreeBSD 4.9-RELEASE-p1 #0: Fri Dec 19 07:22:50 EST 2003 root@aalp03.alcatel.com.au:/mnt/obj/mnt/rpc/src/sys/gsmx i386

>Description:
The literal "MYADDR" is incorrectly expanded to the IP address associated with the hostname rather than the address defined in a previous "set ifaddr" command.

Code inspection indicates that the faulty code was introduced in command.c v1.268 and MFCd in v1.230.2.16

>How-To-Repeat:
Using the default ppp and ppp.conf from 4.9p1, enter the following commands:

    gsmx07# ppp
    Working in interactive mode
    Using interface: tun0
    ppp ON gsmx07> set ifaddr 10.1.1.1 10.1.1.2
    ppp ON gsmx07> ! echo MYADDR HISADDR
    ppp: Pausing until echo finishes
    xxx.yyy.xxx.ttt 10.1.1.2
    ppp ON gsmx07>

(Where xxx.yyy.zzz.ttt is the IP address associated with gsmx07).

A ppp patched as below responds as expected

    gsmx07# /tmp/ppp
    Working in interactive mode
    Using interface: tun0
    ppp ON gsmx07> set ifaddr 10.1.1.1 10.1.1.2
    ppp ON gsmx07> ! echo MYADDR HISADDR
    ppp: Pausing until echo finishes
    10.1.1.1 10.1.1.2
    ppp ON gsmx07>

>Fix:
command.c:SetInterfaceAddr() defines "ncpaddr" as a local variable and it is unused prior to the code in the patch below. ncp->ipcp.cfg.my_range is initialised from the first argument to "set ifaddr". Both ncpaddr_getip4() and ncprange_getaddr() copy data (including the source IP address) from the first argument to the second argument. The existing order means that ncpaddr is referenced before it is set.
It is unclear to me why using the (undefined) content of ncpaddr results in the IP address associated with the hostname being used. Index: command.c =================================================================== RCS file: /usr/ncvs/src/usr.sbin/ppp/command.c,v retrieving revision 1.230.2.20 diff -u -r1.230.2.20 command.c --- command.c 11 Aug 2003 09:35:50 -0000 1.230.2.20 +++ command.c 28 Jan 2004 02:51:14 -0000 @@ -1576,8 +1576,8 @@ } /* 0.0.0.0 means any address (0 bits) */ - ncpaddr_getip4(&ncpaddr, &ncp->ipcp.my_ip); ncprange_getaddr(&ncp->ipcp.cfg.my_range, &ncpaddr); + ncpaddr_getip4(&ncpaddr, &ncp->ipcp.my_ip); if (ncp->ipcp.my_ip.s_addr == INADDR_ANY) ncprange_setwidth(&ncp->ipcp.cfg.my_range, 0); bundle_AdjustFilters(arg->bundle, &ncpaddr, NULL); >Release-Note: >Audit-Trail: >Unformatted:
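Review bot: in the @@ -1576,8 +1576,8 @@ hunk, the correctness of ncpaddr_getip4(&ncpaddr, &ncp->ipcp.my_ip) now depends only on statement order, with nothing in the code saying that ncprange_getaddr() must fill the local ncpaddr first. Since the report describes ncpaddr as an otherwise unset local, consider initialising it at its declaration and adding a one-line comment above the two calls stating the dependency, so a later reshuffle cannot silently reintroduce the read of undefined stack contents. The existing comment "0.0.0.0 means any address (0 bits)" also ends up two statements away from the INADDR_ANY test it describes; moving it directly above the "if (ncp->ipcp.my_ip.s_addr == INADDR_ANY)" line would keep it attached to the right code.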