Date: Thu, 22 Jun 2000 17:16:06 -0700 (PDT) From: Todd Backman <todd@flyingcroc.net> To: Todd Backman <todd@mail.flyingcroc.net> Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options Message-ID: <Pine.BSF.4.10.10006221709140.81943-100000@security1.noc.flyingcroc.net> In-Reply-To: <Pine.BSF.4.10.10006221655240.81943-100000@security1.noc.flyingcroc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
After copying the patch from the SA, hacking out the cruft and running, it seems to work. The /pub/FreeBSD/CERT/patches/SA-00:23 does not work. Could it be due to the format of the patch on the ftp site? (just trying to figure things out here so I do not have a clue at a later date...) Thanks. - Todd On Thu, 22 Jun 2000, Todd Backman wrote: > > So, upon following the instructions for patch on the SA (including DL'ing > the patch from the ftp site) I get the following: > > **** START **** > > stuff# patch -p < ip-options.diff > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: ip_icmp.c > |=================================================================== > |RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v > |retrieving revision 1.39 > |diff -u -r1.39 ip_icmp.c > |--- ip_icmp.c 2000/01/28 06:13:09 1.39 > |+++ ip_icmp.c 2000/06/08 15:26:39 > -------------------------- > Patching file ip_icmp.c using Plan A... > Hunk #1 failed at 662. > 1 out of 1 hunks failed--saving rejects to ip_icmp.c.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: ip_input.c > |=================================================================== > |RCS file: /ncvs/src/sys/netinet/ip_input.c,v > |retrieving revision 1.130 > |diff -u -r1.130 ip_input.c > |--- ip_input.c 2000/02/23 20:11:57 1.130 > |+++ ip_input.c 2000/06/08 15:25:46 > -------------------------- > Patching file ip_input.c using Plan A... > Hunk #1 failed at 1067. > Hunk #2 failed at 1178. > 2 out of 2 hunks failed--saving rejects to ip_input.c.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: ip_output.c > |=================================================================== > |RCS file: /ncvs/src/sys/netinet/ip_output.c,v > |retrieving revision 1.99 > |diff -u -r1.99 ip_output.c > |--- ip_output.c 2000/03/09 14:57:15 1.99 > |+++ ip_output.c 2000/06/08 15:27:08 > -------------------------- > Patching file ip_output.c using Plan A... > Hunk #1 failed at 1302. > 1 out of 1 hunks failed--saving rejects to ip_output.c.rej > done > > **** FINISH **** > > Can anyone hit me with the cluestick? > > Thanks. > > - Todd > > > On Thu, 22 Jun 2000, FreeBSD Security Advisories wrote: > > > # cd /usr/src/sys/netinet > > # patch -p < /path/to/patch_or_advisory > > > > Index: ip_icmp.c > > =================================================================== > > RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v > > retrieving revision 1.39 > > diff -u -r1.39 ip_icmp.c > > --- ip_icmp.c 2000/01/28 06:13:09 1.39 > > +++ ip_icmp.c 2000/06/08 15:26:39 > > @@ -662,8 +662,11 @@ > > if (opt == IPOPT_NOP) > > len = 1; > > else { > > + if (cnt < IPOPT_OLEN + sizeof(*cp)) > > + break; > > len = cp[IPOPT_OLEN]; > > - if (len <= 0 || len > cnt) > > + if (len < IPOPT_OLEN + sizeof(*cp) || > > + len > cnt) > > break; > > } > > /* > > Index: ip_input.c > > =================================================================== > > RCS file: /ncvs/src/sys/netinet/ip_input.c,v > > retrieving revision 1.130 > > diff -u -r1.130 ip_input.c > > --- ip_input.c 2000/02/23 20:11:57 1.130 > > +++ ip_input.c 2000/06/08 15:25:46 > > @@ -1067,8 +1067,12 @@ > > if (opt == IPOPT_NOP) > > optlen = 1; > > else { > > + if (cnt < IPOPT_OLEN + sizeof(*cp)) { > > + code = &cp[IPOPT_OLEN] - (u_char *)ip; > > + goto bad; > > + } > > optlen = cp[IPOPT_OLEN]; > > - if (optlen <= 0 || optlen > cnt) { > > + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { > > code = &cp[IPOPT_OLEN] - (u_char *)ip; > > goto bad; > > } > > @@ -1174,6 +1178,10 @@ > > break; > > > > case IPOPT_RR: > > + if (optlen < IPOPT_OFFSET + sizeof(*cp)) { > > + code = &cp[IPOPT_OFFSET] - (u_char *)ip; > > + goto bad; > > + } > > if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { > > code = &cp[IPOPT_OFFSET] - (u_char *)ip; > > goto bad; > > Index: ip_output.c > > =================================================================== > > RCS file: /ncvs/src/sys/netinet/ip_output.c,v > > retrieving revision 1.99 > > diff -u -r1.99 ip_output.c > > --- ip_output.c 2000/03/09 14:57:15 1.99 > > +++ ip_output.c 2000/06/08 15:27:08 > > @@ -1302,8 +1302,10 @@ > > if (opt == IPOPT_NOP) > > optlen = 1; > > else { > > + if (cnt < IPOPT_OLEN + sizeof(*cp)) > > + goto bad; > > optlen = cp[IPOPT_OLEN]; > > - if (optlen <= IPOPT_OLEN || optlen > cnt) > > + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) > > goto bad; > > } > > switch (opt) { > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10006221709140.81943-100000>