bin/151664: [PATCH] route(8): sbin/route/route.c: Incorrect
array bounds checking
Alexey Illarionov
littlesavage at orionet.ru
Tue Nov 2 20:10:12 UTC 2010
The following reply was made to PR bin/151664; it has been noted by GNATS.
From: Alexey Illarionov <littlesavage at orionet.ru>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: bin/151664: [PATCH] route(8): sbin/route/route.c: Incorrect array
bounds checking
Date: Tue, 02 Nov 2010 22:42:05 +0300
This is a cryptographically signed message in MIME format.
--------------ms020802020500050608040702
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: quoted-printable
Hi
I have reported this problem to OpenBSD team too (user/6500).
They added some checks for rtsock messages in kernel:
http://kerneltrap.org/mailarchive/openbsd-source-changes/2010/10/25/68900=
78
http://kerneltrap.org/mailarchive/openbsd-source-changes/2010/10/28/68901=
67
--------------ms020802020500050608040702
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVMjCC
BqIwggWKoAMCAQICAwDRMjANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNV
BAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRl
IFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlh
dGUgQ2xpZW50IENBMB4XDTA5MTIxODAzNTEwN1oXDTEwMTIxOTE5MDA1MVowgZUxIDAeBgNV
BA0TFzExNTM5NS16NXZCN20zYWFualY2V0ZTMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxp
ZGF0ZWQxKTAnBgNVBAMTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMSYwJAYJ
KoZIhvcNAQkBFhdsaXR0bGVzYXZhZ2VAb3Jpb25ldC5ydTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK6YJvopM4ZRqdBCcxY4t1S/ggmk8dO8soy1ONEB8J1dDMUEBMsEeG7H
iCWskzOjbHbXy12ZreakqUFs9rs8gLD597ROrpd8A465j0snwGsSBW8PZicJeYb9PE2LLVh8
t9eAWEqEiCf+tUbPpcMCg2iguJY32fhPdKHaCBaUht4QIt4x5EUxsSPp8mKDK3EnqbqXzHNT
uDI7pXYV+se1h+p3Ma2WxuGARvvFmtgCnK2sPfHKeDfWDVGO03ztrbIR34VxwP0xxSAb0kcJ
axS5QOHjjbVevLyJ3vh65yZADZIL0paRxN/bxfSv/4KencjpM8QP7j4DMM9s+gRL50C5ZA8C
AwEAAaOCAwAwggL8MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUF
BwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUp6RzBNl6KxD6ESlaK1NduaUl5FowHwYDVR0jBBgw
FoAUU3Ltkpzg2ssBXHx+ljVO8tS4UYIwIgYDVR0RBBswGYEXbGl0dGxlc2F2YWdlQG9yaW9u
ZXQucnUwggFCBgNVHSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQIBMIIBIDAuBggrBgEFBQcC
ARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEFBQcCARYoaHR0
cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCBtwYIKwYBBQUHAgIwgaow
FBYNU3RhcnRDb20gTHRkLjADAgEBGoGRTGltaXRlZCBMaWFiaWxpdHksIHNlZSBzZWN0aW9u
ICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9s
aWN5LnBkZjBjBgNVHR8EXDBaMCugKaAnhiVodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jcnR1
MS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3Js
MIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5j
b20vc3ViL2NsYXNzMS9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuY2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRw
Oi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEBAAuawGKKweHqXzNHYEp2
GOt2ezkpAnZJO5585C5DV0NxOmA54/tblVyLkelEp15jCxFptq+U0dFUgKVeT4RgyXtjl3J6
L2jYp7k3T6F9gbMe4FgTZcqItyoOSCM+KTrwUV9bBkIyt9vh5DONcG2H21X9QYfpGuMfDn49
1li9I6AtHDPRVzbTQ7DCgEXuq8dVm8X2TdykFwUsW7QMFMNyWZQgvcqI6vt1TRTC0NMLPywo
34sEJRZZ6OeQOIbiI4nOqieDG6UyUhGCQ12uH1C2J7L8mPTSI8HTNPrDD1plRpFcvP94AYpC
XBA21pPkUS+VERCO9lDKmP3+Yv8C+cRzi6cwggaiMIIFiqADAgECAgMA0TIwDQYJKoZIhvcN
AQEFBQAwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENv
bSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0wOTEyMTgwMzUx
MDdaFw0xMDEyMTkxOTAwNTFaMIGVMSAwHgYDVQQNExcxMTUzOTUtejV2QjdtM2FhbmpWNldG
UzEeMBwGA1UEChMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMSkwJwYDVQQDEyBTdGFydENvbSBG
cmVlIENlcnRpZmljYXRlIE1lbWJlcjEmMCQGCSqGSIb3DQEJARYXbGl0dGxlc2F2YWdlQG9y
aW9uZXQucnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCumCb6KTOGUanQQnMW
OLdUv4IJpPHTvLKMtTjRAfCdXQzFBATLBHhux4glrJMzo2x218tdma3mpKlBbPa7PICw+fe0
Tq6XfAOOuY9LJ8BrEgVvD2YnCXmG/TxNiy1YfLfXgFhKhIgn/rVGz6XDAoNooLiWN9n4T3Sh
2ggWlIbeECLeMeRFMbEj6fJigytxJ6m6l8xzU7gyO6V2FfrHtYfqdzGtlsbhgEb7xZrYApyt
rD3xyng31g1RjtN87a2yEd+FccD9McUgG9JHCWsUuUDh4421Xry8id74eucmQA2SC9KWkcTf
28X0r/+Cnp3I6TPED+4+AzDPbPoES+dAuWQPAgMBAAGjggMAMIIC/DAJBgNVHRMEAjAAMAsG
A1UdDwQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFKek
cwTZeisQ+hEpWitTXbmlJeRaMB8GA1UdIwQYMBaAFFNy7ZKc4NrLAVx8fpY1TvLUuFGCMCIG
A1UdEQQbMBmBF2xpdHRsZXNhdmFnZUBvcmlvbmV0LnJ1MIIBQgYDVR0gBIIBOTCCATUwggEx
BgsrBgEEAYG1NwECATCCASAwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29t
L3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVy
bWVkaWF0ZS5wZGYwgbcGCCsGAQUFBwICMIGqMBQWDVN0YXJ0Q29tIEx0ZC4wAwIBARqBkUxp
bWl0ZWQgTGlhYmlsaXR5LCBzZWUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRo
ZSBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0
IGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwYwYDVR0fBFwwWjAroCmgJ4Yl
aHR0cDovL3d3dy5zdGFydHNzbC5jb20vY3J0dTEtY3JsLmNybDAroCmgJ4YlaHR0cDovL2Ny
bC5zdGFydHNzbC5jb20vY3J0dTEtY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEF
BQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczEvY2xpZW50L2NhMEIG
CCsGAQUFBzAChjZodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLmNs
aWVudC5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqG
SIb3DQEBBQUAA4IBAQALmsBiisHh6l8zR2BKdhjrdns5KQJ2STuefOQuQ1dDcTpgOeP7W5Vc
i5HpRKdeYwsRabavlNHRVIClXk+EYMl7Y5dyei9o2Ke5N0+hfYGzHuBYE2XKiLcqDkgjPik6
8FFfWwZCMrfb4eQzjXBth9tV/UGH6RrjHw5+PdZYvSOgLRwz0Vc200OwwoBF7qvHVZvF9k3c
pBcFLFu0DBTDclmUIL3KiOr7dU0UwtDTCz8sKN+LBCUWWejnkDiG4iOJzqongxulMlIRgkNd
rh9Qtiey/Jj00iPB0zT6ww9aZUaRXLz/eAGKQlwQNtaT5FEvlREQjvZQypj9/mL/AvnEc4un
MIIH4jCCBcqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UE
ChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUg
U2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcN
MDcxMDI0MjEwMTU0WhcNMTIxMDIyMjEwMTU0WjCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoT
DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp
Z25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUg
Q2xpZW50IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwmDzM4t2BqxKaQu
E6uWvooyg4ymiEGWVUet1G8SD+rqvyNH4QrvnEIaFHxOhESip7vMz39ScLpNLbL1QpOlPW/t
FIzNHS3qd2XRNYG5Sv9RcGE+T4qbLtsjjJbi6sL7Ls/f/X9ftTyhxvxWkf8KW37iKrueKsxw
2HqolH7GM6FX5UfNAwAu4ZifkpmZzU1slBhyWwaQPEPPZRsWoTb7q8hmgv6Nv3Hg9rmA1/VP
BIOQ6SKRkHXG0Hhmq1dOFoAFI411+a/9nWm5rcVjGcIWZ2v/43Yksq60jExipA4l5uv9/+Hm
33mbgmCszdj/Dthf13tgAv2O83hLJ0exTqfrlwIDAQABo4IDWzCCA1cwDAYDVR0TBAUwAwEB
/zALBgNVHQ8EBAMCAaYwHQYDVR0OBBYEFFNy7ZKc4NrLAVx8fpY1TvLUuFGCMIGoBgNVHSME
gaAwgZ2AFE4L7xqkQFulF2mHMMo0aEPQQa7yoYGBpH8wfTELMAkGA1UEBhMCSUwxFjAUBgNV
BAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRl
IFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEB
MAkGA1UdEgQCMAAwPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0
YXJ0c3NsLmNvbS9zZnNjYS5jcnQwYAYDVR0fBFkwVzAsoCqgKIYmaHR0cDovL2NlcnQuc3Rh
cnRjb20ub3JnL3Nmc2NhLWNybC5jcmwwJ6AloCOGIWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29t
L3Nmc2NhLmNybDCCAV0GA1UdIASCAVQwggFQMIIBTAYLKwYBBAGBtTcBAQQwggE7MC8GCCsG
AQUFBwIBFiNodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjA1BggrBgEFBQcC
ARYpaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL2ludGVybWVkaWF0ZS5wZGYwgdAGCCsGAQUF
BwICMIHDMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZdMaW1p
dGVkIExpYWJpbGl0eSwgcmVhZCB0aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9m
IHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxl
IGF0IGh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMBEGCWCGSAGG+EIBAQQE
AwIABzBQBglghkgBhvhCAQ0EQxZBU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVk
aWF0ZSBGcmVlIFNTTCBFbWFpbCBDZXJ0aWZpY2F0ZXMwDQYJKoZIhvcNAQEFBQADggIBAKqa
4eBbjM4dG/wdxiwwIKC3kyb98QK2zREovyn/xzDP/4H/Bc8FFDTgoJR+nX2Li0EP3U7TsjG+
CaIi90+8YlShADpkPrfm/8SzjGtJtfM6EaluJOhpcqMr3OyzK3aYGJP5RIeZ6vLT3fQaDZsI
ooXl6YSFR/0HpU4FJDc0wuyFaZmFbCrjTp8RNYyRWTTX6mWSv+TraOwuj3zrrddSpgUEi2Wq
wM9G/5o4IXQbGHx7oXTvL6zrw9IOYO3QOKZDgFNhHeKUgqMAUiLcg/+WhcGe+Y4umKuxghtw
aYsgD/bLfIfop3NC/u5JqwDCWizAJruhmbOV4LG859MFCb2w/YeY55zDPVGmQ3MZdriwdOKr
hlFjOjYihmm28UHOvND2G3kK0LvnuieLqjQMc6GuUcZAQOWv96pW4BfbiQXpAqibMMeb0PZI
Sa7PFEzGiBc2xAuVRkM4kB9/+iieA1D/OTiRJwsf6rkoVgOsN9fCw522tzOmuVfiqDS4bFYv
00sX/dFGwasHUUf3DsLhpDSYdejb74SKjtuqLDIOuAm2bA1axA6+7kjFeNIngSU6OPSMre+x
Ajoc/6coaMGthFD+mimr/i/8F8wDwdyzas7oxkdCtaW8hVir8mJnbp4CbckllDMPkeQ6qQNm
xSDhOeqX1jyx2cTi/vPq+/TyxV/stlehMYID0DCCA8wCAQEwgZQwgYwxCzAJBgNVBAYTAklM
MRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0
aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50
ZXJtZWRpYXRlIENsaWVudCBDQQIDANEyMAkGBSsOAwIaBQCgggIQMBgGCSqGSIb3DQEJAzEL
BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEwMTEwMjE5NDIwNVowIwYJKoZIhvcNAQkE
MRYEFLpqYvxn7nfppXunKyp5AzpQ+dErMF8GCSqGSIb3DQEJDzFSMFAwCwYJYIZIAWUDBAEC
MAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzAN
BggqhkiG9w0DAgIBKDCBpQYJKwYBBAGCNxAEMYGXMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQG
A1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNh
dGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVk
aWF0ZSBDbGllbnQgQ0ECAwDRMjCBpwYLKoZIhvcNAQkQAgsxgZeggZQwgYwxCzAJBgNVBAYT
AklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBD
ZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkg
SW50ZXJtZWRpYXRlIENsaWVudCBDQQIDANEyMA0GCSqGSIb3DQEBAQUABIIBAKeAmzQpcVKi
i06hiXIYsYHshgcCcYISnUhqeN7M9z3R52i9gCoOS/pq5gmvqUV9NNZIfye+iD/Vh0G3/hEN
Uvmh2zjC9WszkqjHhrwC+5E/U7LWILbWchZ1BYpJDdX5c6hQHAypVJ//6kjpC9u/cRfGXHf4
SnIfBHkPiQ6T7rVoF9bD7YPURH+YRpIBJQLvOHOO/8AblUq0vvWn+gQjsGc3k4Lz/JzMYBNY
IMjLmp3nAxvWzJToEE1L7JwDol3lykOR/vMvGUsboUsrSVBspdYEcv5c29HLk/biE13orDDH
LsNEbILDI/7tKkNgWFy05JdPppDTW2pMBSoZFsJUYFAAAAAAAAA=
--------------ms020802020500050608040702--
More information about the freebsd-bugs
mailing list