Date: 04 Aug 2003 12:42:07 -0500 From: Benjamin Lewis <bhlewis@wossname.net> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath Message-ID: <1060018927.21860.12.camel@cassandra.itsp.purdue.edu> In-Reply-To: <200308040004.h7404VVL030671@freefall.freebsd.org> References: <200308040004.h7404VVL030671@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 2003-08-03 at 19:04, FreeBSD Security Advisories wrote: > 2) To patch your present system: > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. The following patch > has been tested to apply to all FreeBSD 4.x releases and to FreeBSD > 5.0-RELEASE. > > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch.asc > > b) Apply the patch. > > # cd /usr/src > # patch < /path/to/patch Is it just me or is the patch referenced above wrong? I followed the instructions above but the patch failed: ##### snip ###### # cd /usr/src-all/current/src # Where my "/usr/src" lives # patch < /tmp/realpath.patch Hmm... Looks like a new-style context diff to me... The text leading up to this was: -------------------------- |Index: lib/libc/stdlib/realpath.c |=================================================================== |RCS file: /home/ncvs/src/lib/libc/stdlib/realpath.c,v |retrieving revision 1.9 |diff -c -c -r1.9 realpath.c |*** lib/libc/stdlib/realpath.c 27 Jan 2000 23:06:50 -0000 1.9 |--- lib/libc/stdlib/realpath.c 3 Aug 2003 17:21:20 -0000 -------------------------- Patching file lib/libc/stdlib/realpath.c using Plan A... Hunk #1 failed at 138. 1 out of 1 hunks failed--saving rejects to lib/libc/stdlib/realpath.c.rej done ##### snip ###### realpath.c.rej contains the entire patch: ##### snip ###### *************** *** 138,144 **** rootd = 0; if (*wbuf) { ! if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) { errno = ENAMETOOLONG; goto err1; } --- 138,145 ---- rootd = 0; if (*wbuf) { ! if (strlen(resolved) + strlen(wbuf) + (1-rootd) + 1 > ! MAXPATHLEN) { errno = ENAMETOOLONG; goto err1; } ##### snip ###### I wasn't really surprised that it failed since it looks like it should apply to crypto/openssh/openbsd-compat/realpath.c rather than lib/libc/stdlib/realpath.c. I assume (from the CVS logs) that cvsup has taken care of the libc version for me. Does the openssh file need to be patched too? -Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1060018927.21860.12.camel>