svn commit: r49715 - in head/share/security: advisories patches/SA-16:37
Gleb Smirnoff
glebius at FreeBSD.org
Thu Dec 8 03:59:24 UTC 2016
Author: glebius (src committer)
Date: Thu Dec 8 03:59:23 2016
New Revision: 49715
URL: https://svnweb.freebsd.org/changeset/doc/49715
Log:
Revised SA-16:37, addressing regressions from initial SA.
Added:
head/share/security/patches/SA-16:37/libc-inc.patch (contents, props changed)
head/share/security/patches/SA-16:37/libc-inc.patch.asc (contents, props changed)
Modified:
head/share/security/advisories/FreeBSD-SA-16:37.libc.asc
head/share/security/patches/SA-16:37/libc.patch
head/share/security/patches/SA-16:37/libc.patch.asc
Modified: head/share/security/advisories/FreeBSD-SA-16:37.libc.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-16:37.libc.asc Wed Dec 7 19:03:09 2016 (r49714)
+++ head/share/security/advisories/FreeBSD-SA-16:37.libc.asc Thu Dec 8 03:59:23 2016 (r49715)
@@ -9,22 +9,27 @@ Topic: link_ntoa(3) buffer over
Category: core
Module: libc
-Announced: 2016-12-06
+Announced: 2016-12-06, revised on 2016-12-08
Affects: All supported versions of FreeBSD.
-Corrected: 2016-12-06 18:53:21 UTC (stable/11, 11.0-STABLE)
- 2016-12-06 18:49:38 UTC (releng/11.0, 11.0-RELEASE-p4)
- 2016-12-06 18:53:46 UTC (stable/10, 10.3-STABLE)
- 2016-12-06 18:49:48 UTC (releng/10.3, 10.3-RELEASE-p13)
- 2016-12-06 18:49:54 UTC (releng/10.2, 10.2-RELEASE-p26)
- 2016-12-06 18:49:59 UTC (releng/10.1, 10.1-RELEASE-p43)
- 2016-12-06 18:54:04 UTC (stable/9, 9.3-STABLE)
- 2016-12-06 18:50:06 UTC (releng/9.3, 9.3-RELEASE-p51)
+Corrected: 2016-12-07 23:19:46 UTC (stable/11, 11.0-STABLE)
+ 2016-12-07 23:29:42 UTC (releng/11.0, 11.0-RELEASE-p5)
+ 2016-12-07 23:20:26 UTC (stable/10, 10.3-STABLE)
+ 2016-12-07 23:31:07 UTC (releng/10.3, 10.3-RELEASE-p14)
+ 2016-12-07 23:32:42 UTC (releng/10.2, 10.2-RELEASE-p27)
+ 2016-12-07 23:34:06 UTC (releng/10.1, 10.1-RELEASE-p44)
+ 2016-12-07 23:20:50 UTC (stable/9, 9.3-STABLE)
+ 2016-12-07 23:35:15 UTC (releng/9.3, 9.3-RELEASE-p52)
CVE Name: CVE-2016-6559
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
+0. Revision history.
+
+v1.0 2016-12-06 Initial release.
+v1.1 2016-12-08 Revised patches to address regressions.
+
I. Background
The link_ntoa(3) function generates ASCII representation of a link-level
@@ -73,10 +78,21 @@ FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
+[*** v1.1 NOTE ***] If your sources are not yet patched using the initially
+published patch, then you need to apply libc.patch. If your sources are
+already updated, or patched with patch from the initial advisory, then you
+need to apply the incremental patch, named libc-inc.patch.
+
+[FreeBSD system, not patched with initial SA-16:37 patch]
# fetch https://security.FreeBSD.org/patches/SA-16:37/libc.patch
# fetch https://security.FreeBSD.org/patches/SA-16:37/libc.patch.asc
# gpg --verify libc.patch.asc
+[FreeBSD system, initial SA-16:37 patch already applied]
+# fetch https://security.FreeBSD.org/patches/SA-16:37/libc-inc.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:37/libc-inc.patch.asc
+# gpg --verify libc-inc.patch.asc
+
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
@@ -94,14 +110,14 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
-stable/9/ r309646
-releng/9.3/ r309637
-stable/10/ r309645
-releng/10.1/ r309636
-releng/10.2/ r309635
-releng/10.3/ r309634
-stable/11/ r309644
-releng/11.0/ r309633
+stable/9/ r309691
+releng/9.3/ r309697
+stable/10/ r309690
+releng/10.1/ r309696
+releng/10.2/ r309694
+releng/10.3/ r309693
+stable/11/ r309689
+releng/11.0/ r309692
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
@@ -118,22 +134,23 @@ VII. References
<URL:http://www.kb.cert.org/vuls/id/548487>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6559>
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215105>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:37.libc.asc>
-----BEGIN PGP SIGNATURE-----
-iQIcBAEBCgAGBQJYRw1vAAoJEO1n7NZdz2rnk5sP/18NuTRoit3jfa1uHCYMyTOB
-vOGtNtn5xs8NNY4wAdYx2cF3CscTZEWyQtXWsMWzXgbWI0KrWteacGDaDlFwraCu
-9/TJmkCQC5FCfYsgQFOpOPtMl9W+gY2ZrmEPXsfc/smjvIas3fPCBjnoRM2qQlfc
-25YIut+S6OFhm2XM42t/jljbLs6b/PJikeKt7kEEEjKKXWHNwLEYjbtEyelKxD1i
-1IBVe4Run2RajERg99yCznAGGvRo2hbGmnV59kDAilanJK+s3pzCOBFdnKyZd/2l
-Ie8B/fKEXRJyFgJF7A9eSuElTV5fCFfX05AC3PXMoi+GsVPQqhEpNb1FvJoANiFL
-l61nbqkM5KEteIWvf1udHZo6kjhYY4YlvutXW7o41XaUhnaO3dC+4+VpfTycH/no
-j8kVFS1Y9oun31TTZ/+aQqnCfozAMKFaZtrZI3UkSR1kjz5Z5Rqrc4isBhXXP1dQ
-QC87THCyW2D1+E0LvMyJEWKtjGMd8OO5KZjvTxcmxDSrqEOn+yGT1Lp8G/NLuQ4D
-zcarPPl2eE0bikvL/T/k7OdpplTDXoaCOHiMIr02WpbJwipw6HD4FZrg1IQu/Db9
-2cHihr/tS1mbr7k/VKUyIZvQQhZ9j72m4wwBk0CFEG8DeZtMeSum1xgLTEjUerHe
-rWrKG2feWv//R0BvVNhu
-=8y53
+iQIcBAEBCgAGBQJYSNoxAAoJEO1n7NZdz2rnQfQP/0oJ8WdTTVMpjEHRBQ7WbayB
+f7Y8MeVFErNLL8caQDxRyiF/ex07m5m2morik84ggDTkHiWnllaP0H3MadivP9Ly
+XspViMU73r49PmYTAsrMARyW2ncufgGpsvaEcVOVKEAiwcm0ATu7gnTf+cyrfWoe
+k9HlTS18bN18zQ/FFSJPjmIsTh8Cb+cdF6SrVEt7bIcoVzZWMU/sDJP9JDnRFa3+
+o7bWDQg3kfA8k3XEzrL9FSO52Sr9jNslZGAaycFFQjxecgC/05mTbqPsJOpdhkaC
+mfcARX/8+iwxsE/3h7R5OK6vsu6piUE6vi8HsnTwK7ZMz/IYkPpe4C9WroRYAG29
+mqBl+qdVElk/DXPgsz6F7PHqG3SUY3Kkn/bMGT4B3yLjNvWs4+pjh74uyvVLPKkQ
+meQEs3VLl+c0VkpAxbieMS1KChJwBAKAD7Cevg83YfosC8/LFRoqS6kofjXjVqCd
+dd0cSWyOE6y/eFy2187lncnz1BNW1Eg8AEH02vEkXOI5hrnhmO6t0cH9dQcj3nHa
+6yULqFHJJJGsGqPD1/FkXjn7hAMKsMMROCGpY0txNVA2a3Z6zf593nZL7Vr1nPy7
+7C7/sKToSilR3OJGoSFxNlRHqkgb08dQOzsof/355M94baKw82QAULuQoOBYu0DU
+PZ21bNtGfZSN4rThyVuQ
+=Id1+
-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-16:37/libc-inc.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:37/libc-inc.patch Thu Dec 8 03:59:23 2016 (r49715)
@@ -0,0 +1,43 @@
+--- lib/libc/net/linkaddr.c.orig
++++ lib/libc/net/linkaddr.c
+@@ -125,7 +125,7 @@
+ static char obuf[64];
+ _Static_assert(sizeof(obuf) >= IFNAMSIZ + 20, "obuf is too small");
+ char *out;
+- const char *in, *inlim;
++ const u_char *in, *inlim;
+ int namelen, i, rem;
+
+ namelen = (sdl->sdl_nlen <= IFNAMSIZ) ? sdl->sdl_nlen : IFNAMSIZ;
+@@ -142,11 +142,11 @@
+ }
+ }
+
+- in = (const char *)sdl->sdl_data + sdl->sdl_nlen;
++ in = (const u_char *)sdl->sdl_data + sdl->sdl_nlen;
+ inlim = in + sdl->sdl_alen;
+
+ while (in < inlim && rem > 1) {
+- if (in != (const char *)sdl->sdl_data + sdl->sdl_nlen) {
++ if (in != (const u_char *)sdl->sdl_data + sdl->sdl_nlen) {
+ *out++ = '.';
+ rem--;
+ }
+@@ -154,15 +154,14 @@
+ if (i > 0xf) {
+ if (rem < 3)
+ break;
++ *out++ = hexlist[i >> 4];
+ *out++ = hexlist[i & 0xf];
+- i >>= 4;
+- *out++ = hexlist[i];
+ rem -= 2;
+ } else {
+ if (rem < 2)
+ break;
+ *out++ = hexlist[i];
+- rem++;
++ rem--;
+ }
+ }
+ *out = 0;
Added: head/share/security/patches/SA-16:37/libc-inc.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-16:37/libc-inc.patch.asc Thu Dec 8 03:59:23 2016 (r49715)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYSNpCAAoJEO1n7NZdz2rnQhwQAIB9bWgYA4tn7fHwbpmEZrrz
+9clKJ+DUrINrgjD4R5J52b2vTirwSX+jLhwcblDcFz85VeoIc8xDPpd8rvFa9znC
+UZ2SBI0itfVZQkEGu+uEJE+9QdEr2jbwq1LIr3Ye3SECQJORlg11detvPEbNyDvm
+20DrfR+BPFvDSGKGEbKvegGaPUTv+MYXx3Km4jiXDB/Bo7lUjmE/mdIZszskzJpM
+AKx4moCR0Wep73vxGOhi2GArf+p4ZUe9eu0wdU/NTKzYH5DdjGnV+bNam2SdpgDT
+rMfrvpUJ+uqdZ1cj7yCsPjuKzskKdWihOCD+vHS3rC00ggYCQv5gnnnyo08z4qRE
+e0yU/4lj68i0X1E6gUIvATW7Y4r4EqX5xNl/nKfpgFQSqJRtZGbmlUH/7eni82Fh
+W3BKZsUyTtZJIod+SlmEloOlsqpRpL+ePSKXv5e0vLq6pr4tdLFFrPaKsi+6AbFO
+mfVSHGJIdB7WUaau34ymhpyb1SI1qrEoNNoYki6SNfuXsghgQKgghwl0cWpJEsUp
+Atg+BQH7ea2sPQh9BXqsiSiUb6wuyi/JHeuBQ4pQcKzyf7RuyxaA7rtr2p0w+UBG
+MRgceUP4H8XxCCltddq2WrNTB5dmac0t5ehYO8eJpQgtWPsl8yG5PldHkXWkhEa6
+gJVPBsoQJObVrkM/PXrl
+=/W0I
+-----END PGP SIGNATURE-----
Modified: head/share/security/patches/SA-16:37/libc.patch
==============================================================================
--- head/share/security/patches/SA-16:37/libc.patch Wed Dec 7 19:03:09 2016 (r49714)
+++ head/share/security/patches/SA-16:37/libc.patch Thu Dec 8 03:59:23 2016 (r49715)
@@ -8,7 +8,7 @@
#include <net/if_dl.h>
#include <string.h>
-@@ -122,31 +123,47 @@
+@@ -122,31 +123,46 @@
link_ntoa(const struct sockaddr_dl *sdl)
{
static char obuf[64];
@@ -19,7 +19,7 @@
- int firsttime = 1;
+ _Static_assert(sizeof(obuf) >= IFNAMSIZ + 20, "obuf is too small");
+ char *out;
-+ const char *in, *inlim;
++ const u_char *in, *inlim;
+ int namelen, i, rem;
- if (sdl->sdl_nlen) {
@@ -44,31 +44,31 @@
- firsttime = 0;
- else
+
-+ in = (const char *)sdl->sdl_data + sdl->sdl_nlen;
++ in = (const u_char *)sdl->sdl_data + sdl->sdl_nlen;
+ inlim = in + sdl->sdl_alen;
+
+ while (in < inlim && rem > 1) {
-+ if (in != (const char *)sdl->sdl_data + sdl->sdl_nlen) {
++ if (in != (const u_char *)sdl->sdl_data + sdl->sdl_nlen) {
*out++ = '.';
+ rem--;
+ }
i = *in++;
if (i > 0xf) {
- out[1] = hexlist[i & 0xf];
-+ if (rem < 3)
-+ break;
-+ *out++ = hexlist[i & 0xf];
- i >>= 4;
+- i >>= 4;
- out[0] = hexlist[i];
- out += 2;
- } else
- *out++ = hexlist[i];
++ if (rem < 3)
++ break;
++ *out++ = hexlist[i >> 4];
++ *out++ = hexlist[i & 0xf];
+ rem -= 2;
+ } else {
+ if (rem < 2)
+ break;
-+ *out++ = hexlist[i];
-+ rem++;
+ *out++ = hexlist[i];
++ rem--;
+ }
}
*out = 0;
Modified: head/share/security/patches/SA-16:37/libc.patch.asc
==============================================================================
--- head/share/security/patches/SA-16:37/libc.patch.asc Wed Dec 7 19:03:09 2016 (r49714)
+++ head/share/security/patches/SA-16:37/libc.patch.asc Thu Dec 8 03:59:23 2016 (r49715)
@@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
-iQIcBAABCgAGBQJYRw1vAAoJEO1n7NZdz2rnH2QP/jQF/xtjDHJoEKk3h6DGZUC4
-GM27jneyYt/SWbGVHchYhD6y+67304OeUCZ7N6aEUI3cVgoZObDuVNoNrtfBnSPB
-gTtAOUQchlF0ZP/TKZSrONz6Pz+1R/N9QryJSDYr3KUsLDuU6I2nob7kR+Iwxn1V
-pX8MakPMSOUH8tHHpXlQySN8rjobtiCdvulDyi0IX92Ajdq7fqLlu2oiHsMYdtfW
-hzWahmHJZUFe0CqLc+78vGB5WTsIXcwSfrkq5MVy8hDlbtmFrgyXcReEBnXSw+kC
-Y751w+W674Cck/60inzA3is7Iy84/yE0fGuBmFWPhOatTbVqI6dG+gK0CqlzW8g7
-M9ven4K9S9vO52oMSlQJi1VGx66r1P4+7RpiqIC6GFpBZ4ItEYvD4/SP3y75eIGD
-LRSzV+LHJarwNslznAFWxg0rWoHbOhH2x0XT2Ve7rXXm4jzIMTL6LSczYlppQ6d2
-DBfyFHykY4iA0VbSBJYXueQrDHc4njJnr4Kl1ZSOZq9HhUbwVcVM0Wse+ZZJ7veQ
-Xe83iqX6+bbRM8GFLtSw/mJa1h+TMW6N8T/qQXdokYCpVASLDnwfLinqkeC1mh+H
-Wr5kf9pbrBTLcnR/LRnVDZ9ySN6AaZdbLea+7RnPZ46MyQIG14yIvJMPk1LnQB9L
-dO+RStwsKHuz2O37ENqi
-=lrl6
+iQIcBAABCgAGBQJYSNpCAAoJEO1n7NZdz2rn878P/Apo2QqeYGpvg35269V/BSL/
+jV42W8llFJ+5sxieWMgxTX3RxymwqhxZPQU6gFoBadnESWo/Z00mtNHygP7JIkDZ
+SKmOBJl2uZDuZpXAwt2wpKqzYixBAzA19R7gxHI9nXU9CiAG4Ql+EAD99QbUZhPf
+CjELbPmYwdkt77QrRJXdUZd+vUV3QkvB/4B+eww+aoaG5pTZ1IVjO45PXQn4FDsW
+04UNYlvgKXQCpEBDYKbsht1B75JCrlvgMpG0KBeDzVMtWxLcTtj8l4U4HH70N6Jx
+OTcvyCuzRMNltKVEcl5j8HX8YbHq8cGSzdbtKXbCrP4BHGjNJpL9ZGZyZt0DpwI1
+/vjij8ChpMUH9g+lrIGZF6WvXaY3L4OInldtUvBuYuVuJMiXiR2WuRJSzyMHVgxN
+2+k3+wgkwPHwJ24UTu+pj0GJ/e7HdWTEUK+Ox6m/+ynj69jlRoUipf1JrFMCsBVh
+BfoPZdYEXjy2Y8hAs4ybQvufFdBs/A7G+xHR4qgQ7XxnTaCTR3GObHAvp1ytHj19
+J1nHjPoF7t9wq7ZBOXJNJGtZ4T1S5E5POtXQvxXm/pk+I9JqauESUDyBkhaStEJB
+O+g0cS3G51tJpcfhEnaNQnFeI20NIXkqeqGZSDdCMHXseWzJuWqux7xKICv0iA2x
+Sc88sLhCDB/Hu+VGm5DX
+=hvSq
-----END PGP SIGNATURE-----
More information about the svn-doc-all
mailing list