From owner-freebsd-security@FreeBSD.ORG Mon Aug 4 10:42:09 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 10E7D37B401 for ; Mon, 4 Aug 2003 10:42:09 -0700 (PDT) Received: from cassandra.itsp.purdue.edu (cassandra.itsp.purdue.edu [128.210.177.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3136A43FB1 for ; Mon, 4 Aug 2003 10:42:08 -0700 (PDT) (envelope-from bhlewis@wossname.net) Received: from localhost (cassandra.itsp.purdue.edu [127.0.0.1]) h74Hg7bH022062 for ; Mon, 4 Aug 2003 12:42:07 -0500 From: Benjamin Lewis To: freebsd-security@freebsd.org In-Reply-To: <200308040004.h7404VVL030671@freefall.freebsd.org> References: <200308040004.h7404VVL030671@freefall.freebsd.org> Content-Type: text/plain Message-Id: <1060018927.21860.12.camel@cassandra.itsp.purdue.edu> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.0 Date: 04 Aug 2003 12:42:07 -0500 Content-Transfer-Encoding: 7bit Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Aug 2003 17:42:09 -0000 On Sun, 2003-08-03 at 19:04, FreeBSD Security Advisories wrote: > 2) To patch your present system: > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. The following patch > has been tested to apply to all FreeBSD 4.x releases and to FreeBSD > 5.0-RELEASE. > > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch.asc > > b) Apply the patch. > > # cd /usr/src > # patch < /path/to/patch Is it just me or is the patch referenced above wrong? I followed the instructions above but the patch failed: ##### snip ###### # cd /usr/src-all/current/src # Where my "/usr/src" lives # patch < /tmp/realpath.patch Hmm... Looks like a new-style context diff to me... The text leading up to this was: -------------------------- |Index: lib/libc/stdlib/realpath.c |=================================================================== |RCS file: /home/ncvs/src/lib/libc/stdlib/realpath.c,v |retrieving revision 1.9 |diff -c -c -r1.9 realpath.c |*** lib/libc/stdlib/realpath.c 27 Jan 2000 23:06:50 -0000 1.9 |--- lib/libc/stdlib/realpath.c 3 Aug 2003 17:21:20 -0000 -------------------------- Patching file lib/libc/stdlib/realpath.c using Plan A... Hunk #1 failed at 138. 1 out of 1 hunks failed--saving rejects to lib/libc/stdlib/realpath.c.rej done ##### snip ###### realpath.c.rej contains the entire patch: ##### snip ###### *************** *** 138,144 **** rootd = 0; if (*wbuf) { ! if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) { errno = ENAMETOOLONG; goto err1; } --- 138,145 ---- rootd = 0; if (*wbuf) { ! if (strlen(resolved) + strlen(wbuf) + (1-rootd) + 1 > ! MAXPATHLEN) { errno = ENAMETOOLONG; goto err1; } ##### snip ###### I wasn't really surprised that it failed since it looks like it should apply to crypto/openssh/openbsd-compat/realpath.c rather than lib/libc/stdlib/realpath.c. I assume (from the CVS logs) that cvsup has taken care of the libc version for me. Does the openssh file need to be patched too? -Ben