Date: Tue, 18 May 2004 23:24:31 -0700 (PDT)
From: Dariusz Kulinski <takeda3@netzero.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/66858: [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop (this time good patch)
Message-ID: <200405190624.i4J6OVlm045143@freebsd.takeda.tk>
Resent-Message-ID: <200405190630.i4J6UCgr080505@freefall.freebsd.org>
>Number: 66858
>Category: ports
>Synopsis: [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop (this time good patch)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue May 18 23:30:12 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Dariusz Kulinski
>Release: FreeBSD 4.9-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD freebsd.takeda.tk 4.9-RELEASE-p4 FreeBSD 4.9-RELEASE-p4 #0: Wed Mar 17 22:05:17 PST 2004 root@freebsd.takeda.tk:/usr/obj/usr/src/sys/TUNED i386
>Description:
The last patch to oidentd introduced a bug under FreeBSD 4.x. In the get_list() function there is a do-while loop; the patch included additional continue instructions, which skipped "head = pcbp.inp_list.le_next;", making oidentd go into an infinite loop. This patch fixes that issue.
>How-To-Repeat:
>Fix:
--- oidentd.patch begins here --- diff -ru oidentd/files/patch-unprivileged_ipv6 oidentd.new/files/patch-unprivileged_ipv6 --- oidentd/files/patch-unprivileged_ipv6 Sat Mar 20 20:38:56 2004 +++ oidentd.new/files/patch-unprivileged_ipv6 Tue May 18 23:14:34 2004 @@ -1,6 +1,6 @@ diff -ru src.old/kernel/freebsd.c src/kernel/freebsd.c ---- src.old/kernel/freebsd.c Sat Mar 20 20:36:51 2004 -+++ src/kernel/freebsd.c Sat Mar 20 20:37:09 2004 +--- src.old/kernel/freebsd.c Tue May 18 23:12:23 2004 ++++ src/kernel/freebsd.c Tue May 18 23:13:45 2004 @@ -159,11 +159,11 @@ #ifdef _HAVE_OLD_INPCB @@ -38,7 +38,7 @@ pcbp->inp_fport == fport && pcbp->inp_lport == lport) { -@@ -199,16 +199,33 @@ +@@ -199,28 +199,45 @@ #else @@ -76,7 +76,10 @@ head = pcbhead->lh_first; if (head == NULL) -@@ -218,9 +235,9 @@ + return (NULL); + +- do { ++ for (; head != NULL; head = pcbp.inp_list.le_next) { if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1) break; 
@@ -89,7 +92,7 @@ pcbp.inp_fport == fport && pcbp.inp_lport == lport) { -@@ -228,8 +245,32 @@ +@@ -228,16 +245,39 @@ } } @@ -124,7 +127,16 @@ pcbp.inp_fport == fport && pcbp.inp_lport == lport) { -@@ -248,7 +289,7 @@ + return (pcbp.inp_socket); + } + +- head = pcbp.inp_list.le_next; +- } while (head != NULL); ++ } + + return (NULL); + } +@@ -248,7 +288,7 @@ ** Return the UID of the connection owner */ @@ -133,7 +145,7 @@ in_port_t fport, struct sockaddr_storage *laddr, struct sockaddr_storage *faddr) -@@ -276,8 +317,9 @@ +@@ -276,8 +316,9 @@ tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value; #endif @@ -145,7 +157,7 @@ if (sockp == NULL) return (-1); -@@ -346,6 +388,14 @@ +@@ -346,6 +387,14 @@ return (-1); } @@ -160,7 +172,7 @@ #ifdef MASQ_SUPPORT /* -@@ -456,36 +506,7 @@ +@@ -456,36 +505,7 @@ struct sockaddr_storage *laddr, struct sockaddr_storage *faddr) { @@ -199,8 +211,8 @@ #endif diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c ---- src.old/kernel/freebsd5.c Sat Mar 20 20:36:51 2004 -+++ src/kernel/freebsd5.c Sat Mar 20 20:37:13 2004 +--- src.old/kernel/freebsd5.c Tue May 18 23:12:23 2004 ++++ src/kernel/freebsd5.c Tue May 18 23:12:46 2004 @@ -160,11 +160,11 @@ #ifdef _HAVE_OLD_INPCB --- oidentd.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
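
Review bot: in the `@@ -199,28 +199,45 @@` hunk of the inner patch, the `if (head == NULL) return (NULL);` left directly above the new `for (; head != NULL; head = pcbp.inp_list.le_next) {` is now redundant, since the for condition already handles an empty list and the function falls through to `return (NULL);`. The step expression also reads `pcbp`, which is only filled once `getbuf()` has succeeded; that is safe here because the failure path is `break`, but a one-line comment saying so would stop a later edit from changing that `break` to a `continue`. The walk is still unbounded and follows whatever `le_next` value was copied in, so consider an iteration cap as a second guard against the same hang.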
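
Review bot: the `src/kernel/freebsd5.c` section at the end of the patch changes only the `---`/`+++` timestamp lines (Sat Mar 20 to Tue May 18 2004) and none of its hunks. If `get_list()` in freebsd5.c has the same do-while with a `continue` ahead of the list advance, it needs the same for-loop conversion as freebsd.c; if it does not, state that in the PR so the timestamp-only change is not read as a missed fix.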
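
The failure mode from the Description (a `continue` in a do-while whose list advance is the last statement of the body) and the for-loop shape that avoids it, reduced to a standalone C example. This is added here and is not oidentd code; `struct node`, its `skip` field, `STEP_BUDGET` and the function names are hypothetical, and the three-entry list is constructed.

```c
#include <stdio.h>

/* Constructed stand-in for one list entry; not oidentd's struct inpcb. */
struct node { int lport; int skip; struct node *next; };

#define STEP_BUDGET 1000 /* demo guard so the buggy walk returns */

/* Buggy shape: the advance is the last statement, so `continue` skips it. */
static int walk_do_while(struct node *head, int lport)
{
    int steps = 0;
    if (head == NULL)
        return 0;
    do {
        if (++steps > STEP_BUDGET)
            return -1;          /* stuck on one entry */
        if (head->skip)
            continue;           /* jumps to the while test, head unchanged */
        if (head->lport == lport)
            return steps;
        head = head->next;
    } while (head != NULL);
    return 0;                   /* not found */
}

/* Fixed shape: the advance is the for-step, which `continue` still runs. */
static int walk_for(struct node *head, int lport)
{
    int steps = 0;
    for (; head != NULL; head = head->next) {
        if (++steps > STEP_BUDGET)
            return -1;
        if (head->skip)
            continue;
        if (head->lport == lport)
            return steps;
    }
    return 0;
}

/* Constructed list: 22 -> (skipped entry) -> 113; look up port 113. */
int demo(int use_for)
{
    struct node c = { 113, 0, NULL }, b = { 80, 1, &c }, a = { 22, 0, &b };
    return use_for ? walk_for(&a, 113) : walk_do_while(&a, 113);
}

int main(void) { printf("do-while: %d, for: %d\n", demo(0), demo(1)); return 0; }
```

Without the step budget the do-while variant never returns once it reaches the skipped entry, which is the hang the report describes.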