From owner-freebsd-security Fri Jun 23 20:40:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns2.intertek.net (ns2.intertek.net [209.83.158.3]) by hub.freebsd.org (Postfix) with ESMTP id 4D64D37B7F9 for ; Fri, 23 Jun 2000 20:40:35 -0700 (PDT) (envelope-from chancedj@intertek.net) Received: from satan (oflil078.intertek.net [209.83.158.78]) by ns2.intertek.net (8.9.3/8.9.3) with SMTP id WAA14361 for ; Fri, 23 Jun 2000 22:36:58 -0500 Message-ID: <016901bfdd8e$5a96f3c0$0200000a@gateway.intertek.net> From: "Daryl Chance" To: "FreeBSD Security2" References: Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options Date: Fri, 23 Jun 2000 22:43:25 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Todd: I tried updating my dialup box and got the same thing. a quick vi on the file and I noticed that there were ^M's dostounix checked again, and all was gone...patched and it patched cleanly. I figured you've probably checked there already, but it never hurts to ask :). Daryl ----- Original Message ----- From: "Todd Backman" To: Sent: Thursday, June 22, 2000 7:01 PM Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options > > So, upon following the instructions for patch on the SA (including DL'ing > the patch from the ftp site) I get the following: > > **** START **** > > stuff# patch -p < ip-options.diff > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: ip_icmp.c > |=================================================================== > |RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v > |retrieving revision 1.39 > |diff -u -r1.39 ip_icmp.c > |--- ip_icmp.c 2000/01/28 06:13:09 1.39 > |+++ ip_icmp.c 2000/06/08 15:26:39 > -------------------------- > Patching file ip_icmp.c using Plan A... > Hunk #1 failed at 662. > 1 out of 1 hunks failed--saving rejects to ip_icmp.c.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: ip_input.c > |=================================================================== > |RCS file: /ncvs/src/sys/netinet/ip_input.c,v > |retrieving revision 1.130 > |diff -u -r1.130 ip_input.c > |--- ip_input.c 2000/02/23 20:11:57 1.130 > |+++ ip_input.c 2000/06/08 15:25:46 > -------------------------- > Patching file ip_input.c using Plan A... > Hunk #1 failed at 1067. > Hunk #2 failed at 1178. > 2 out of 2 hunks failed--saving rejects to ip_input.c.rej > Hmm... The next patch looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: ip_output.c > |=================================================================== > |RCS file: /ncvs/src/sys/netinet/ip_output.c,v > |retrieving revision 1.99 > |diff -u -r1.99 ip_output.c > |--- ip_output.c 2000/03/09 14:57:15 1.99 > |+++ ip_output.c 2000/06/08 15:27:08 > -------------------------- > Patching file ip_output.c using Plan A... > Hunk #1 failed at 1302. > 1 out of 1 hunks failed--saving rejects to ip_output.c.rej > done > > **** FINISH **** > > Can anyone hit me with the cluestick? > > Thanks. > > - Todd > > > On Thu, 22 Jun 2000, FreeBSD Security Advisories wrote: > > > # cd /usr/src/sys/netinet > > # patch -p < /path/to/patch_or_advisory > > > > Index: ip_icmp.c > > =================================================================== > > RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v > > retrieving revision 1.39 > > diff -u -r1.39 ip_icmp.c > > --- ip_icmp.c 2000/01/28 06:13:09 1.39 > > +++ ip_icmp.c 2000/06/08 15:26:39 > > @@ -662,8 +662,11 @@ > > if (opt == IPOPT_NOP) > > len = 1; > > else { > > + if (cnt < IPOPT_OLEN + sizeof(*cp)) > > + break; > > len = cp[IPOPT_OLEN]; > > - if (len <= 0 || len > cnt) > > + if (len < IPOPT_OLEN + sizeof(*cp) || > > + len > cnt) > > break; > > } > > /* > > Index: ip_input.c > > =================================================================== > > RCS file: /ncvs/src/sys/netinet/ip_input.c,v > > retrieving revision 1.130 > > diff -u -r1.130 ip_input.c > > --- ip_input.c 2000/02/23 20:11:57 1.130 > > +++ ip_input.c 2000/06/08 15:25:46 > > @@ -1067,8 +1067,12 @@ > > if (opt == IPOPT_NOP) > > optlen = 1; > > else { > > + if (cnt < IPOPT_OLEN + sizeof(*cp)) { > > + code = &cp[IPOPT_OLEN] - (u_char *)ip; > > + goto bad; > > + } > > optlen = cp[IPOPT_OLEN]; > > - if (optlen <= 0 || optlen > cnt) { > > + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { > > code = &cp[IPOPT_OLEN] - (u_char *)ip; > > goto bad; > > } > > @@ -1174,6 +1178,10 @@ > > break; > > > > case IPOPT_RR: > > + if (optlen < IPOPT_OFFSET + sizeof(*cp)) { > > + code = &cp[IPOPT_OFFSET] - (u_char *)ip; > > + goto bad; > > + } > > if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { > > code = &cp[IPOPT_OFFSET] - (u_char *)ip; > > goto bad; > > Index: ip_output.c > > =================================================================== > > RCS file: /ncvs/src/sys/netinet/ip_output.c,v > > retrieving revision 1.99 > > diff -u -r1.99 ip_output.c > > --- ip_output.c 2000/03/09 14:57:15 1.99 > > +++ ip_output.c 2000/06/08 15:27:08 > > @@ -1302,8 +1302,10 @@ > > if (opt == IPOPT_NOP) > > optlen = 1; > > else { > > + if (cnt < IPOPT_OLEN + sizeof(*cp)) > > + goto bad; > > optlen = cp[IPOPT_OLEN]; > > - if (optlen <= IPOPT_OLEN || optlen > cnt) > > + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) > > goto bad; > > } > > switch (opt) { > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message