From owner-freebsd-security  Wed Jun 13 11:48:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (oe17.law12.hotmail.com [64.4.18.121])
	by hub.freebsd.org (Postfix) with ESMTP id 5D14C37B407
	for <freebsd-security@freebsd.org>; Wed, 13 Jun 2001 11:47:57 -0700 (PDT)
	(envelope-from default013subscriptions@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 13 Jun 2001 11:47:56 -0700
X-Originating-IP: [24.14.93.185]
Reply-To: "default013 - subscriptions" <default013subscriptions@hotmail.com>
From: "default013 - subscriptions" <default013subscriptions@hotmail.com>
To: <freebsd-security@freebsd.org>
Subject: trouble with glob patch (ftp exploit)
Date: Wed, 13 Jun 2001 13:48:23 -0500
MIME-Version: 1.0
Content-Type: text/plain;	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Message-ID: <OE178r6beUzmRf6Ci6n000106d3@hotmail.com>
X-OriginalArrivalTime: 13 Jun 2001 18:47:56.0742 (UTC) FILETIME=[5C6E4E60:01C0F439]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi, I was doing some security upgrades and attempted to install the glob ftp
exploit patch...
(ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch)

I do not believe it installed correctly as I received the following errors.
If anyone can help me with this I would extremely appreciate it.

(Here is when I applied the patch as directed on
http://www.linuxsecurity.com/advisories/freebsd_advisory-1294.html)

[/usr/src]# patch -p < /usr/home/default/patches/glob.4.x.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: include/glob.h
|===================================================================
|RCS file: /home/ncvs/src/include/glob.h,v
|--- include/glob.h     1998/02/25 02:15:59     1.3
|+++ include/glob.h     2001/03/21 14:33:56     1.3.6.1
--------------------------
Patching file include/glob.h using Plan A...
Hunk #1 succeeded at 77.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: lib/libc/gen/glob.c
|===================================================================
|RCS file: /home/ncvs/src/lib/libc/gen/glob.c,v
|--- lib/libc/gen/glob.c        1998/02/20 07:54:56     1.11
|+++ lib/libc/gen/glob.c        2001/04/07 21:00:20
--------------------------
Patching file lib/libc/gen/glob.c using Plan A...
Hunk #1 succeeded at 129.
Hunk #2 succeeded at 137.
Hunk #3 succeeded at 158.
Hunk #4 succeeded at 168.
Hunk #5 succeeded at 197.
Hunk #6 succeeded at 207.
Hunk #7 succeeded at 233.
Hunk #8 succeeded at 274.
Hunk #9 succeeded at 321.
Hunk #10 succeeded at 415.
Hunk #11 succeeded at 480.
Hunk #12 succeeded at 493.
Hunk #13 succeeded at 508.
Hunk #14 succeeded at 528.
Hunk #15 succeeded at 552.
Hunk #16 succeeded at 567.
Hunk #17 succeeded at 606.
Hunk #18 succeeded at 636.
Hunk #19 succeeded at 674.
Hunk #20 succeeded at 710.
Hunk #21 succeeded at 791.
Hunk #22 succeeded at 804.
Hunk #23 succeeded at 823.
Hunk #24 succeeded at 840.
Hunk #25 succeeded at 860.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: libexec/ftpd/popen.c
|===================================================================
|RCS file: /home/ncvs/src/libexec/ftpd/popen.c,v
|--- libexec/ftpd/popen.c       2000/09/20 09:57:58     1.18.2.1
|+++ libexec/ftpd/popen.c       2001/04/07 21:08:09
--------------------------
Patching file libexec/ftpd/popen.c using Plan A...
Hunk #1 succeeded at 107.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|===================================================================
|RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
|--- libexec/ftpd/ftpd.c        2001/03/11 13:20:44     1.73
|+++ libexec/ftpd/ftpd.c        2001/03/19 19:11:00
--------------------------
Patching file libexec/ftpd/ftpd.c using Plan A...
Hunk #1 succeeded at 186 (offset -3 lines).
Hunk #2 succeeded at 2611 (offset -17 lines).
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|===================================================================
|RCS file: /home/ncvs/src/libexec/ftpd/ftpcmd.y,v
|--- libexec/ftpd/ftpcmd.y      2001/04/16 22:20:26     1.23
|+++ libexec/ftpd/ftpcmd.y      2001/04/17 03:03:45
--------------------------
Patching file libexec/ftpd/ftpcmd.y using Plan A...
Hunk #1 succeeded at 133 with fuzz 2 (offset -5 lines).
Hunk #2 succeeded at 461 (offset -14 lines).
Hunk #3 succeeded at 910 (offset -31 lines).
Hunk #4 succeeded at 1008 (offset -33 lines).
done

(here is what happened when I did a make all install in /usr/src/lib/libc)

cc -O -pipe -DLIBC_RCS -DSYSLIBC_RCS -I/usr/src/lib/libc/include -D__DBINTER
FACE_PRIVATE -DINET6 -DPOSIX_MISTAKE -I/usr/src/lib/libc/../libc/locale -DBR
OKEN_DES -DYP -c /usr/src/lib/libc/../libc/gen/glob.c -o glob.o
/usr/src/lib/libc/../libc/gen/glob.c: In function `glob':
/usr/src/lib/libc/../libc/gen/glob.c:171: `GLOB_MAXPATH' undeclared (first
use in this function)
/usr/src/lib/libc/../libc/gen/glob.c:171: (Each undeclared identifier is
reported only once
/usr/src/lib/libc/../libc/gen/glob.c:171: for each function it appears in.)
/usr/src/lib/libc/../libc/gen/glob.c: In function `globextend':
/usr/src/lib/libc/../libc/gen/glob.c:689: `GLOB_LIMIT' undeclared (first use
in this function)
*** Error code 1

(and finally, here is what happened when I did a make all install in
/usr/src/libexec/ftpd)

[/usr/src/libexec/ftpd]# make all install
Warning: Object directory not changed from original /usr/src/libexec/ftpd
cc -O -pipe -DSETPROCTITLE -DSKEY -DLOGIN_CAP -DVIRTUAL_HOSTING -Wall  -I/us
r/src/libexec/ftpd/../../contrib-crypto/telnet -DINET6 -Dmain=ls_main -I/usr
/src/libexec/ftpd/../../bin/ls   -c ftpd.c
ftpd.c: In function `send_file_list':
ftpd.c:2612: `GLOB_MAXPATH' undeclared (first use in this function)
ftpd.c:2612: (Each undeclared identifier is reported only once
ftpd.c:2612: for each function it appears in.)
ftpd.c:2601: warning: variable `dout' might be clobbered by `longjmp' or
`vfork'
ftpd.c:2602: warning: variable `dirlist' might be clobbered by `longjmp' or
`vfork'
ftpd.c:2603: warning: variable `simple' might be clobbered by `longjmp' or
`vfork'
ftpd.c:2604: warning: variable `freeglob' might be clobbered by `longjmp' or
`vfork'
*** Error code 1

Stop in /usr/src/libexec/ftpd.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message