Date: Thu, 22 Jun 2000 17:16:06 -0700 (PDT) From: Todd Backman <todd@flyingcroc.net> To: Todd Backman <todd@mail.flyingcroc.net> Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options Message-ID: <Pine.BSF.4.10.10006221709140.81943-100000@security1.noc.flyingcroc.net> In-Reply-To: <Pine.BSF.4.10.10006221655240.81943-100000@security1.noc.flyingcroc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
After copying the patch from the SA, hacking out the cruft and running, it
seems to work. The /pub/FreeBSD/CERT/patches/SA-00:23 does not work. Could
it be due to the format of the patch on the ftp site? (just trying to
figure things out here so I do not have a clue at a later date...)
Thanks.
- Todd
On Thu, 22 Jun 2000, Todd Backman wrote:
>
> So, upon following the instructions for patch on the SA (including DL'ing
> the patch from the ftp site) I get the following:
>
> **** START ****
>
> stuff# patch -p < ip-options.diff
> Hmm... Looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: ip_icmp.c
> |===================================================================
> |RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v
> |retrieving revision 1.39
> |diff -u -r1.39 ip_icmp.c
> |--- ip_icmp.c 2000/01/28 06:13:09 1.39
> |+++ ip_icmp.c 2000/06/08 15:26:39
> --------------------------
> Patching file ip_icmp.c using Plan A...
> Hunk #1 failed at 662.
> 1 out of 1 hunks failed--saving rejects to ip_icmp.c.rej
> Hmm... The next patch looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: ip_input.c
> |===================================================================
> |RCS file: /ncvs/src/sys/netinet/ip_input.c,v
> |retrieving revision 1.130
> |diff -u -r1.130 ip_input.c
> |--- ip_input.c 2000/02/23 20:11:57 1.130
> |+++ ip_input.c 2000/06/08 15:25:46
> --------------------------
> Patching file ip_input.c using Plan A...
> Hunk #1 failed at 1067.
> Hunk #2 failed at 1178.
> 2 out of 2 hunks failed--saving rejects to ip_input.c.rej
> Hmm... The next patch looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: ip_output.c
> |===================================================================
> |RCS file: /ncvs/src/sys/netinet/ip_output.c,v
> |retrieving revision 1.99
> |diff -u -r1.99 ip_output.c
> |--- ip_output.c 2000/03/09 14:57:15 1.99
> |+++ ip_output.c 2000/06/08 15:27:08
> --------------------------
> Patching file ip_output.c using Plan A...
> Hunk #1 failed at 1302.
> 1 out of 1 hunks failed--saving rejects to ip_output.c.rej
> done
>
> **** FINISH ****
>
> Can anyone hit me with the cluestick?
>
> Thanks.
>
> - Todd
>
>
> On Thu, 22 Jun 2000, FreeBSD Security Advisories wrote:
>
> > # cd /usr/src/sys/netinet
> > # patch -p < /path/to/patch_or_advisory
> >
> > Index: ip_icmp.c
> > ===================================================================
> > RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v
> > retrieving revision 1.39
> > diff -u -r1.39 ip_icmp.c
> > --- ip_icmp.c 2000/01/28 06:13:09 1.39
> > +++ ip_icmp.c 2000/06/08 15:26:39
> > @@ -662,8 +662,11 @@
> > if (opt == IPOPT_NOP)
> > len = 1;
> > else {
> > + if (cnt < IPOPT_OLEN + sizeof(*cp))
> > + break;
> > len = cp[IPOPT_OLEN];
> > - if (len <= 0 || len > cnt)
> > + if (len < IPOPT_OLEN + sizeof(*cp) ||
> > + len > cnt)
> > break;
> > }
> > /*
> > Index: ip_input.c
> > ===================================================================
> > RCS file: /ncvs/src/sys/netinet/ip_input.c,v
> > retrieving revision 1.130
> > diff -u -r1.130 ip_input.c
> > --- ip_input.c 2000/02/23 20:11:57 1.130
> > +++ ip_input.c 2000/06/08 15:25:46
> > @@ -1067,8 +1067,12 @@
> > if (opt == IPOPT_NOP)
> > optlen = 1;
> > else {
> > + if (cnt < IPOPT_OLEN + sizeof(*cp)) {
> > + code = &cp[IPOPT_OLEN] - (u_char *)ip;
> > + goto bad;
> > + }
> > optlen = cp[IPOPT_OLEN];
> > - if (optlen <= 0 || optlen > cnt) {
> > + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) {
> > code = &cp[IPOPT_OLEN] - (u_char *)ip;
> > goto bad;
> > }
> > @@ -1174,6 +1178,10 @@
> > break;
> >
> > case IPOPT_RR:
> > + if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
> > + code = &cp[IPOPT_OFFSET] - (u_char *)ip;
> > + goto bad;
> > + }
> > if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
> > code = &cp[IPOPT_OFFSET] - (u_char *)ip;
> > goto bad;
> > Index: ip_output.c
> > ===================================================================
> > RCS file: /ncvs/src/sys/netinet/ip_output.c,v
> > retrieving revision 1.99
> > diff -u -r1.99 ip_output.c
> > --- ip_output.c 2000/03/09 14:57:15 1.99
> > +++ ip_output.c 2000/06/08 15:27:08
> > @@ -1302,8 +1302,10 @@
> > if (opt == IPOPT_NOP)
> > optlen = 1;
> > else {
> > + if (cnt < IPOPT_OLEN + sizeof(*cp))
> > + goto bad;
> > optlen = cp[IPOPT_OLEN];
> > - if (optlen <= IPOPT_OLEN || optlen > cnt)
> > + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
> > goto bad;
> > }
> > switch (opt) {
> >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10006221709140.81943-100000>