Date: Mon, 7 May 2001 16:26:38 -0700 (PDT) From: scott@renfro.org To: freebsd-gnats-submit@FreeBSD.org Subject: ports/27193: wget: IPv4 abort() w/kame 20010418 IPv6 patch Message-ID: <200105072326.f47NQcL15506@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 27193
>Category: ports
>Synopsis: wget: IPv4 abort() w/kame 20010418 IPv6 patch
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 07 16:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Scott Renfro
>Release: 4-STABLE
>Organization:
>Environment:
FreeBSD scott.securify.com 4.3-RC FreeBSD 4.3-RC #0: Tue Apr 24 09:33:42 PDT 2001 srenfro@scott.securify.com:/usr/src/sys/compile/SCOTT-Z505LS i386
>Description:
sizeof(hbuf) rather than hlen is passed as buffer length to
inet_ntop(3) in the #ifndef INET6 conditional code in ftp_epsv() in
ftp-basic.c from the kame 0418 patch.
Since hbuf is a pointer rather than an array in this scope,
inet_ntop(3) doesn't have enough space and returns 0, setting
errno to ENOSPC, which leads to the abort(3) call at line 387
in ftp.c.
>How-To-Repeat:
just use wget-1.6_3 on a machine where INET6 is not defined... causes
abort(3) call every time.
>Fix:
Here's two patches: first is a patch to wget-16-v6-20010418a.diff;
second is a patch to ftp-basic.c after being patched with above. (first can be sent to kame and second may be useful in the interim).
-----FIRST PATCH
--- wget-16-v6-20010418a.diff.orig Mon May 7 14:50:04 2001
+++ wget-16-v6-20010418a.diff Mon May 7 14:50:22 2001
@@ -2870,7 +2870,7 @@
+ if (((struct sockaddr *)&ss)->sa_family != AF_INET)
+ return HOSTERR;
+ if (!inet_ntop(AF_INET, &((struct sockaddr_in *)&ss)->sin_addr, hbuf,
-+ sizeof(hbuf)))
++ hlen))
+ return HOSTERR;
+#else
+ if (getnameinfo((struct sockaddr *)&ss, sslen, hbuf, hlen, NULL, 0,
-----SECOND PATCH
--- ftp-basic.c.patched Mon May 7 14:52:44 2001
+++ ftp-basic.c Mon May 7 14:53:06 2001
@@ -462,7 +462,7 @@
if (((struct sockaddr *)&ss)->sa_family != AF_INET)
return HOSTERR;
if (!inet_ntop(AF_INET, &((struct sockaddr_in *)&ss)->sin_addr, hbuf,
- sizeof(hbuf)))
+ hlen))
return HOSTERR;
#else
if (getnameinfo((struct sockaddr *)&ss, sslen, hbuf, hlen, NULL, 0,
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105072326.f47NQcL15506>