FreeBSD Security Advisory FreeBSD-SA-03:08.realpath

Benjamin Lewis bhlewis at wossname.net
Mon Aug 4 10:42:09 PDT 2003 

On Sun, 2003-08-03 at 19:04, FreeBSD Security Advisories wrote:

> 2) To patch your present system:
> 
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.  The following patch
> has been tested to apply to all FreeBSD 4.x releases and to FreeBSD
> 5.0-RELEASE.
> 
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch.asc
> 
> b) Apply the patch.
> 
> # cd /usr/src
> # patch < /path/to/patch

Is it just me or is the patch referenced above wrong? I followed the
instructions above but the patch failed:

##### snip ######
# cd /usr/src-all/current/src    # Where my "/usr/src" lives
# patch < /tmp/realpath.patch 
Hmm...  Looks like a new-style context diff to me...
The text leading up to this was:
--------------------------
|Index: lib/libc/stdlib/realpath.c
|===================================================================
|RCS file: /home/ncvs/src/lib/libc/stdlib/realpath.c,v
|retrieving revision 1.9
|diff -c -c -r1.9 realpath.c
|*** lib/libc/stdlib/realpath.c 27 Jan 2000 23:06:50 -0000      1.9
|--- lib/libc/stdlib/realpath.c 3 Aug 2003 17:21:20 -0000
--------------------------
Patching file lib/libc/stdlib/realpath.c using Plan A...
Hunk #1 failed at 138.
1 out of 1 hunks failed--saving rejects to
lib/libc/stdlib/realpath.c.rej
done
##### snip ######

realpath.c.rej contains the entire patch:

##### snip ######
***************
*** 138,144 ****
                rootd = 0;
  
        if (*wbuf) {
!               if (strlen(resolved) + strlen(wbuf) + rootd + 1 >
MAXPATHLEN) {
                        errno = ENAMETOOLONG;
                        goto err1;
                }
--- 138,145 ----
                rootd = 0;
  
        if (*wbuf) {
!               if (strlen(resolved) + strlen(wbuf) + (1-rootd) + 1 >
!                   MAXPATHLEN) {
                        errno = ENAMETOOLONG;
                        goto err1;
                }

##### snip ######

I wasn't really surprised that it failed since it looks like it should
apply to crypto/openssh/openbsd-compat/realpath.c rather than
lib/libc/stdlib/realpath.c.  I assume (from the CVS logs) that cvsup
has taken care of the libc version for me.  Does the openssh file need
to be patched too?

-Ben

More information about the freebsd-security mailing list