ports/66858: [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop (this time good patch)

Dariusz Kulinski takeda3 at netzero.net
Wed May 19 06:30:34 UTC 2004


>Number:         66858
>Category:       ports
>Synopsis:       [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop (this time good patch)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 18 23:30:12 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Dariusz Kulinski
>Release:        FreeBSD 4.9-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD freebsd.takeda.tk 4.9-RELEASE-p4 FreeBSD 4.9-RELEASE-p4 #0: Wed Mar 17 22:05:17 PST 2004 root at freebsd.takeda.tk:/usr/obj/usr/src/sys/TUNED i386


	
>Description:
	The last patch to oidentd introduced a bug under FreeBSD 4.x.
	The get_list() function contains a do-while loop; the patch added
	continue statements that skip "head = pcbp.inp_list.le_next;",
	so oidentd goes into an infinite loop.
	This patch fixes that issue.
>How-To-Repeat:
	
>Fix:

	

--- oidentd.patch begins here ---
diff -ru oidentd/files/patch-unprivileged_ipv6 oidentd.new/files/patch-unprivileged_ipv6
--- oidentd/files/patch-unprivileged_ipv6	Sat Mar 20 20:38:56 2004
+++ oidentd.new/files/patch-unprivileged_ipv6	Tue May 18 23:14:34 2004
@@ -1,6 +1,6 @@
 diff -ru src.old/kernel/freebsd.c src/kernel/freebsd.c
---- src.old/kernel/freebsd.c	Sat Mar 20 20:36:51 2004
-+++ src/kernel/freebsd.c	Sat Mar 20 20:37:09 2004
+--- src.old/kernel/freebsd.c	Tue May 18 23:12:23 2004
++++ src/kernel/freebsd.c	Tue May 18 23:13:45 2004
 @@ -159,11 +159,11 @@
  
  #ifdef _HAVE_OLD_INPCB
@@ -38,7 +38,7 @@
  			pcbp->inp_fport == fport &&
  			pcbp->inp_lport == lport)
  		{
-@@ -199,16 +199,33 @@
+@@ -199,28 +199,45 @@
  
  #else
  
@@ -76,7 +76,10 @@
  
  	head = pcbhead->lh_first;
  	if (head == NULL)
-@@ -218,9 +235,9 @@
+ 		return (NULL);
+ 
+-	do {
++	for (; head != NULL; head = pcbp.inp_list.le_next) {
  		if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1)
  			break;
  
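Review bot: The new `for (; head != NULL; head = pcbp.inp_list.le_next)` loop still ends only when `le_next` is NULL or `getbuf()` fails, so a link chain that never reaches NULL would hang the daemon again. Each node is copied out of kernel memory with `getbuf()`, presumably without any lock on the live list, so a stale or recycled pointer seems plausible on a busy host. Consider bounding the walk, for example `for (n = 0; head != NULL && n < PCB_WALK_LIMIT; head = pcbp.inp_list.le_next, n++)`, where `PCB_WALK_LIMIT` is a placeholder name for a limit you would define, and logging when the bound is hit. A short comment such as `/* advance in the for header so that continue cannot skip it */` would also keep a later edit from reintroducing the bug. The loop body and the rest of get_list() continue outside this hunk.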
@@ -89,7 +92,7 @@
  				pcbp.inp_fport == fport &&
  				pcbp.inp_lport == lport)
  			{
-@@ -228,8 +245,32 @@
+@@ -228,16 +245,39 @@
  			}
  		}
  
@@ -124,7 +127,16 @@
  			pcbp.inp_fport == fport &&
  			pcbp.inp_lport == lport)
  		{
-@@ -248,7 +289,7 @@
+ 			return (pcbp.inp_socket);
+ 		}
+ 
+-		head = pcbp.inp_list.le_next;
+-	} while (head != NULL);
++	}
+ 
+ 	return (NULL);
+ }
+@@ -248,7 +288,7 @@
  ** Return the UID of the connection owner
  */
  
@@ -133,7 +145,7 @@
  				in_port_t fport,
  				struct sockaddr_storage *laddr,
  				struct sockaddr_storage *faddr)
-@@ -276,8 +317,9 @@
+@@ -276,8 +316,9 @@
  	tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value;
  #endif
  
@@ -145,7 +157,7 @@
  
  	if (sockp == NULL)
  		return (-1);
-@@ -346,6 +388,14 @@
+@@ -346,6 +387,14 @@
  	return (-1);
  }
  
@@ -160,7 +172,7 @@
  #ifdef MASQ_SUPPORT
  
  /*
-@@ -456,36 +506,7 @@
+@@ -456,36 +505,7 @@
  				struct sockaddr_storage *laddr,
  				struct sockaddr_storage *faddr)
  {
@@ -199,8 +211,8 @@
  
  #endif
 diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
---- src.old/kernel/freebsd5.c	Sat Mar 20 20:36:51 2004
-+++ src/kernel/freebsd5.c	Sat Mar 20 20:37:13 2004
+--- src.old/kernel/freebsd5.c	Tue May 18 23:12:23 2004
++++ src/kernel/freebsd5.c	Tue May 18 23:12:46 2004
 @@ -160,11 +160,11 @@
  
  #ifdef _HAVE_OLD_INPCB
--- oidentd.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


