From owner-freebsd-security Sun May 12 4:48:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from cheer.mahoroba.org (flets19-004.kamome.or.jp [218.45.19.4]) by hub.freebsd.org (Postfix) with ESMTP id DB24A37B401 for ; Sun, 12 May 2002 04:48:51 -0700 (PDT) Received: from mille.mahoroba.org (IDENT:QxeLyq/tdMWFkfycXLCGAK34k/Yf8sRY4iFIuVofBgQ9YgLErD8gaKr056/UQfj6@mille.mahoroba.org [IPv6:2001:200:301:0:202:2dff:fe0a:6bee]) (user=ume mech=CRAM-MD5 bits=0) by cheer.mahoroba.org (8.12.3/8.12.3) with ESMTP/inet6 id g4CBmjLR025209 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Sun, 12 May 2002 20:48:46 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Sun, 12 May 2002 20:48:45 +0900 Message-ID: From: Hajimu UMEMOTO To: quak@mydiax.ch Cc: freebsd-security@FreeBSD.org Subject: Re: IPSEC: is ipcomp broken in 4.5-stable ? In-Reply-To: <200205121006.g4CA6FM01637@dubb05h07-0.dplanet.ch> References: <200205121006.g4CA6FM01637@dubb05h07-0.dplanet.ch> User-Agent: xcite1.38> Wanderlust/2.8.1 (Something) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/21.2 (i386--freebsd) MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=) X-Operating-System: FreeBSD 4.6-PRERELEASE MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, >>>>> On Sun, 12 May 2002 12:06:15 +0200 >>>>> quak@mydiax.ch said: quak> ipcomp_decompress: inflate(Z_FINISH): unknown error (-2) and transfer will stall for 3-6 seconds, the proceed again. It seems it was broken by recent zlib change. Does this patch work for you? Index: sys/netinet6/ipcomp_core.c diff -u sys/netinet6/ipcomp_core.c.orig sys/netinet6/ipcomp_core.c --- sys/netinet6/ipcomp_core.c.orig Sun May 5 04:33:23 2002 +++ sys/netinet6/ipcomp_core.c Sun May 12 20:41:58 2002 @@ -252,14 +252,17 @@ MOREBLOCK(); } - zerror = mode ? inflate(&zs, Z_FINISH) + zerror = mode ? inflate(&zs, Z_SYNC_FLUSH) : deflate(&zs, Z_FINISH); if (zerror == Z_STREAM_END) break; - else if (zerror == Z_OK) - ; /* once more. */ - else { + else if (zerror == Z_OK) { + if (mode && zs.avail_out != 0) + goto terminate; + else + ; /* once more. */ + } else { if (zs.msg) { ipseclog((LOG_ERR, "ipcomp_%scompress: " "%sflate(Z_FINISH): %s\n", -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message