Message-Id: <200401290012.i0T0CKvR052873@gsmx07.alcatel.com.au>
Date: Thu, 29 Jan 2004 11:12:20 +1100 (EST)
From: Peter Jeremy
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: bin/62050: [PATCH] Incorrect expansion of "MYADDR" in ppp(8)
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Thu, 29 Jan 2004 00:20:22 -0000

>Number: 62050
>Category: bin
>Synopsis: [PATCH] Incorrect expansion of "MYADDR" in ppp(8)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 28 16:20:11 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Peter Jeremy
>Release: FreeBSD 4.9-RELEASE-p1 i386
>Organization: Alcatel Australia Limited
>Environment:
System: FreeBSD gsmx07.alcatel.com.au 4.9-RELEASE-p1 FreeBSD 4.9-RELEASE-p1 #0: Fri Dec 19 07:22:50 EST 2003 root@aalp03.alcatel.com.au:/mnt/obj/mnt/rpc/src/sys/gsmx i386
>Description:
The literal "MYADDR" is incorrectly expanded to the IP address associated with the hostname rather than the address defined in a previous "set ifaddr" command.

Code inspection indicates that the faulty code was introduced in command.c v1.268 and MFCd in v1.230.2.16.
>How-To-Repeat:
Using the default ppp and ppp.conf from 4.9p1, enter the following commands:

gsmx07# ppp
Working in interactive mode
Using interface: tun0
ppp ON gsmx07> set ifaddr 10.1.1.1 10.1.1.2
ppp ON gsmx07> ! echo MYADDR HISADDR
ppp: Pausing until echo finishes
xxx.yyy.xxx.ttt 10.1.1.2
ppp ON gsmx07>

(Where xxx.yyy.zzz.ttt is the IP address associated with gsmx07.)

A ppp patched as below responds as expected:

gsmx07# /tmp/ppp
Working in interactive mode
Using interface: tun0
ppp ON gsmx07> set ifaddr 10.1.1.1 10.1.1.2
ppp ON gsmx07> ! echo MYADDR HISADDR
ppp: Pausing until echo finishes
10.1.1.1 10.1.1.2
ppp ON gsmx07>
>Fix:
command.c:SetInterfaceAddr() defines "ncpaddr" as a local variable and it is unused prior to the code in the patch below. ncp->ipcp.cfg.my_range is initialised from the first argument to "set ifaddr". Both ncpaddr_getip4() and ncprange_getaddr() copy data (including the source IP address) from the first argument to the second argument. The existing order means that ncpaddr is referenced before it is set.

It is unclear to me why using the (undefined) content of ncpaddr results in the IP address associated with the hostname being used.

Index: command.c =================================================================== RCS file: /usr/ncvs/src/usr.sbin/ppp/command.c,v retrieving revision 1.230.2.20 diff -u -r1.230.2.20 command.c --- command.c 11 Aug 2003 09:35:50 -0000 1.230.2.20 +++ command.c 28 Jan 2004 02:51:14 -0000 @@ -1576,8 +1576,8 @@ } /* 0.0.0.0 means any address (0 bits) */ - ncpaddr_getip4(&ncpaddr, &ncp->ipcp.my_ip); ncprange_getaddr(&ncp->ipcp.cfg.my_range, &ncpaddr); + ncpaddr_getip4(&ncpaddr, &ncp->ipcp.my_ip); if (ncp->ipcp.my_ip.s_addr == INADDR_ANY) ncprange_setwidth(&ncp->ipcp.cfg.my_range, 0); bundle_AdjustFilters(arg->bundle, &ncpaddr, NULL);
>Release-Note:
>Audit-Trail:
>Unformatted:
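Review bot: the reordered pair at the top of the hunk, "ncprange_getaddr(&ncp->ipcp.cfg.my_range, &ncpaddr);" followed by "ncpaddr_getip4(&ncpaddr, &ncp->ipcp.my_ip);", now carries an ordering requirement that nothing in the code states, so a later cleanup could swap the calls back and reintroduce the read of an unset ncpaddr. Please add a one-line comment above the first call saying that ncpaddr must be filled from cfg.my_range before it is read, and consider zero-initialising ncpaddr where SetInterfaceAddr() declares it, so that any regression yields a deterministic value rather than leftover stack contents. Neither call's result is checked in these lines; if either can fail, my_ip should not be taken from it. The existing comment "/* 0.0.0.0 means any address (0 bits) */" describes the INADDR_ANY test and would read better directly above that "if".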