ports/66858: [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop (this time good patch)
Dariusz Kulinski
takeda3 at netzero.net
Wed May 19 06:30:34 UTC 2004
>Number: 66858
>Category: ports
>Synopsis: [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop (this time good patch)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue May 18 23:30:12 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Dariusz Kulinski
>Release: FreeBSD 4.9-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD freebsd.takeda.tk 4.9-RELEASE-p4 FreeBSD 4.9-RELEASE-p4 #0: Wed Mar 17 22:05:17 PST 2004 root at freebsd.takeda.tk:/usr/obj/usr/src/sys/TUNED i386
>Description:
The last patch to oidentd introduced a bug under FreeBSD 4.x.
In the get_list() function there is a do-while loop; the patch included additional
continue instructions, which skipped "head = pcbp.inp_list.le_next;",
making oidentd go into an infinite loop.
This patch fixes that issue.
>How-To-Repeat:
>Fix:
--- oidentd.patch begins here ---
diff -ru oidentd/files/patch-unprivileged_ipv6 oidentd.new/files/patch-unprivileged_ipv6
--- oidentd/files/patch-unprivileged_ipv6 Sat Mar 20 20:38:56 2004
+++ oidentd.new/files/patch-unprivileged_ipv6 Tue May 18 23:14:34 2004
@@ -1,6 +1,6 @@
diff -ru src.old/kernel/freebsd.c src/kernel/freebsd.c
---- src.old/kernel/freebsd.c Sat Mar 20 20:36:51 2004
-+++ src/kernel/freebsd.c Sat Mar 20 20:37:09 2004
+--- src.old/kernel/freebsd.c Tue May 18 23:12:23 2004
++++ src/kernel/freebsd.c Tue May 18 23:13:45 2004
@@ -159,11 +159,11 @@
#ifdef _HAVE_OLD_INPCB
@@ -38,7 +38,7 @@
pcbp->inp_fport == fport &&
pcbp->inp_lport == lport)
{
-@@ -199,16 +199,33 @@
+@@ -199,28 +199,45 @@
#else
@@ -76,7 +76,10 @@
head = pcbhead->lh_first;
if (head == NULL)
-@@ -218,9 +235,9 @@
+ return (NULL);
+
+- do {
++ for (; head != NULL; head = pcbp.inp_list.le_next) {
if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1)
break;
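Review bot: with the advance moved into the header of "for (; head != NULL; head = pcbp.inp_list.le_next) {", the "if (head == NULL)" / "return (NULL);" check kept just above the loop is redundant, because the loop condition already handles an empty list and the function returns NULL after the loop. It is harmless, but dropping it would leave the termination condition in one place. The advance also reads pcbp.inp_list.le_next from the buffer that getbuf() fills, so it relies on the getbuf() failure path staying a "break" and never becoming a "continue"; a one-line comment on the loop saying so would guard against reintroducing this hang.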
@@ -89,7 +92,7 @@
pcbp.inp_fport == fport &&
pcbp.inp_lport == lport)
{
-@@ -228,8 +245,32 @@
+@@ -228,16 +245,39 @@
}
}
@@ -124,7 +127,16 @@
pcbp.inp_fport == fport &&
pcbp.inp_lport == lport)
{
-@@ -248,7 +289,7 @@
+ return (pcbp.inp_socket);
+ }
+
+- head = pcbp.inp_list.le_next;
+- } while (head != NULL);
++ }
+
+ return (NULL);
+ }
+@@ -248,7 +288,7 @@
** Return the UID of the connection owner
*/
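Review bot: after the tail lines "head = pcbp.inp_list.le_next;" and "} while (head != NULL);" are removed, the walk still ends only when le_next is NULL, getbuf() fails, or a match returns, so there is no upper bound on iterations. Since the list is read from kernel addresses through getbuf(), consider adding a step limit that returns NULL when exceeded, so a stale or cyclic pointer cannot bring the infinite loop back. The removal itself is only correct in combination with the for header added in the previous hunk, which is worth stating in a comment next to the closing brace.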
@@ -133,7 +145,7 @@
in_port_t fport,
struct sockaddr_storage *laddr,
struct sockaddr_storage *faddr)
-@@ -276,8 +317,9 @@
+@@ -276,8 +316,9 @@
tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value;
#endif
@@ -145,7 +157,7 @@
if (sockp == NULL)
return (-1);
-@@ -346,6 +388,14 @@
+@@ -346,6 +387,14 @@
return (-1);
}
@@ -160,7 +172,7 @@
#ifdef MASQ_SUPPORT
/*
-@@ -456,36 +506,7 @@
+@@ -456,36 +505,7 @@
struct sockaddr_storage *laddr,
struct sockaddr_storage *faddr)
{
@@ -199,8 +211,8 @@
#endif
diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
---- src.old/kernel/freebsd5.c Sat Mar 20 20:36:51 2004
-+++ src/kernel/freebsd5.c Sat Mar 20 20:37:13 2004
+--- src.old/kernel/freebsd5.c Tue May 18 23:12:23 2004
++++ src/kernel/freebsd5.c Tue May 18 23:12:46 2004
@@ -160,11 +160,11 @@
#ifdef _HAVE_OLD_INPCB
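Review bot: in the freebsd5.c section only the two header timestamp lines change and no code line is touched, so this part of the diff is churn; either regenerate the patch so the untouched file keeps its old header, or confirm whether freebsd5.c has the same do-while with continue and needs the same fix. The diff also contains no Makefile change, so PORTREVISION is not bumped and machines that already built the looping version will not be told to rebuild.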
--- oidentd.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
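
The failure described under >Description, reduced to a stand-alone C program. This is an added example, not code from the PR or from oidentd: struct node, find_do_while(), find_for(), MAX_STEPS and the sample list are hypothetical names and constructed data, and the skip condition that triggers "continue" is an assumption.

```c
#include <stdio.h>

/* Simplified stand-in for the PCB list; every name here is hypothetical. */
struct node {
    int family;            /* constructed field used as the skip condition */
    int lport;
    struct node *next;
};
#define MAX_STEPS 1000     /* demo guard so the buggy walk terminates */

/* Pre-fix shape: 'continue' jumps to the while() test, skipping the advance. */
static int find_do_while(struct node *head, int family, int lport)
{
    int steps = 0;
    if (head == NULL)
        return 0;
    do {
        if (++steps > MAX_STEPS)
            return -1;                 /* would spin forever without the guard */
        if (head->family != family)
            continue;                  /* head is never advanced on this path */
        if (head->lport == lport)
            return 1;
        head = head->next;
    } while (head != NULL);
    return 0;
}

/* Post-fix shape: the advance is in the for header, so 'continue' runs it. */
static int find_for(struct node *head, int family, int lport)
{
    for (; head != NULL; head = head->next) {
        if (head->family != family)
            continue;
        if (head->lport == lport)
            return 1;
    }
    return 0;
}

/* Constructed sample list: an entry of another family ahead of the match. */
static struct node n2 = { 2, 113, NULL };
static struct node n1 = { 28, 22, &n2 };

int main(void)
{
    printf("do-while: %d, for: %d\n",
           find_do_while(&n1, 2, 113), find_for(&n1, 2, 113));
    return 0;
}
```

A return value of -1 from find_do_while() marks the walk that would never finish without the guard; find_for() reaches the second entry and returns 1.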