Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Jan 2015 19:43:03 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 196351] net/libutp: backport fix for transmission crash (likely CVE-2012-6129)
Message-ID:  <bug-196351-13-UpXL4Iowkl@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-196351-13@https.bugs.freebsd.org/bugzilla/>
References:  <bug-196351-13@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196351

--- Comment #11 from Mikhail T. <mi@ALDAN.algebra.com> ---
Comment on attachment 151065
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=151065
files/patch-CVE-2012-6129

Jan, comparing third-party/libutp, that's bundled with Transmission against our
bittorrent-libutp-7c4f19a, I get exactly the same changes as above EXCEPT for
the following:

--- bittorrent-libutp-7c4f19a/utp_utils.cpp     2013-05-14 19:05:36.000000000
-0400
+++ libutp/utp_utils.cpp        2014-07-01 13:10:47.850913000 -0400
...
-#define UDP_TEREDO_MTU (TEREDO_MTU - IPV6_HEADER_SIZE - UDP_HEADER_SIZE)
+#define UDP_TEREDO_MTU (TEREDO_MTU - UDP_HEADER_SIZE)

It would seem to me, if we are bringing our libutp in line with what its main
(sole?) user expects, we should include all changes. Did you omit the change to
utp_utils.cpp on purpose? Thank you!

-- 
You are receiving this mail because:
You are the assignee for the bug.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-196351-13-UpXL4Iowkl>