From nobody@FreeBSD.org  Mon May  7 16:26:38 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 57BF837B422
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  7 May 2001 16:26:38 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f47NQcL15506;
	Mon, 7 May 2001 16:26:38 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200105072326.f47NQcL15506@freefall.freebsd.org>
Date: Mon, 7 May 2001 16:26:38 -0700 (PDT)
From: scott@renfro.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: wget: IPv4 abort() w/kame 20010418 IPv6 patch
X-Send-Pr-Version: www-1.0

>Number:         27193
>Category:       ports
>Synopsis:       wget: IPv4 abort() w/kame 20010418 IPv6 patch
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    sumikawa
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 07 16:30:00 PDT 2001
>Closed-Date:    Sun May 20 22:37:45 JST 2001
>Last-Modified:  Sun May 20 22:38:40 JST 2001
>Originator:     Scott Renfro
>Release:        4-STABLE
>Organization:
>Environment:
FreeBSD scott.securify.com 4.3-RC FreeBSD 4.3-RC #0: Tue Apr 24 09:33:42 PDT 2001     srenfro@scott.securify.com:/usr/src/sys/compile/SCOTT-Z505LS  i386

>Description:
sizeof(hbuf) rather than hlen is passed as buffer length to
inet_ntop(3) in the #ifndef INET6 conditional code in ftp_epsv() in
ftp-basic.c from the kame 0418 patch.

Since hbuf is a pointer rather than an array in this scope,
inet_ntop(3) doesn't have enough space and returns 0, setting
errno to ENOSPC, which leads to the abort(3) call at line 387
in ftp.c.

>How-To-Repeat:
Just use wget-1.6_3 on a machine where INET6 is not defined; it causes
an abort(3) call every time.
>Fix:
Here are two patches: the first is a patch to wget-16-v6-20010418a.diff;
the second is a patch to ftp-basic.c after being patched with the above.  (The first can be sent to kame and the second may be useful in the interim.)

-----FIRST PATCH

--- wget-16-v6-20010418a.diff.orig      Mon May  7 14:50:04 2001
+++ wget-16-v6-20010418a.diff   Mon May  7 14:50:22 2001
@@ -2870,7 +2870,7 @@
 +  if (((struct sockaddr *)&ss)->sa_family != AF_INET)
 +    return HOSTERR;
 +  if (!inet_ntop(AF_INET, &((struct sockaddr_in *)&ss)->sin_addr, hbuf,
-+      sizeof(hbuf)))
++      hlen))
 +    return HOSTERR;
 +#else
 +  if (getnameinfo((struct sockaddr *)&ss, sslen, hbuf, hlen, NULL, 0,
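Review bot: Nothing in this hunk guarantees that hlen, now the size argument on the changed inet_ntop() line, is at least INET_ADDRSTRLEN (16 bytes), so a caller that passes a shorter buffer still ends up at "return HOSTERR". Consider documenting that minimum on the function or checking hlen before the call. The #else branch's getnameinfo(..., hbuf, hlen, ...) already takes the same length, so the two branches are consistent after this change.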


-----SECOND PATCH
--- ftp-basic.c.patched Mon May  7 14:52:44 2001
+++ ftp-basic.c Mon May  7 14:53:06 2001
@@ -462,7 +462,7 @@
   if (((struct sockaddr *)&ss)->sa_family != AF_INET)
     return HOSTERR;
   if (!inet_ntop(AF_INET, &((struct sockaddr_in *)&ss)->sin_addr, hbuf,
-      sizeof(hbuf)))
+      hlen))
     return HOSTERR;
 #else
   if (getnameinfo((struct sockaddr *)&ss, sslen, hbuf, hlen, NULL, 0,
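Review bot: The address-family check and the inet_ntop() failure at the changed line both return the same HOSTERR, so the caller cannot tell an unsupported family from a too-small buffer. Since the report says this return path ends in the abort(3) in ftp.c, consider a distinct return code here, or have the caller treat HOSTERR from this function as a recoverable error instead of aborting.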



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->sumikawa 
Responsible-Changed-By: sumikawa 
Responsible-Changed-When: Tue May 8 10:48:58 JST 2001 
Responsible-Changed-Why:  
KAME IPv6 patch issue. I'll handle this. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27193 
State-Changed-From-To: open->closed 
State-Changed-By: sumikawa 
State-Changed-When: Sun May 20 22:37:45 JST 2001 
State-Changed-Why:  
Your patch was merged into KAME IPv6 patch and wget port was 
upgraded, thanks! 

>Unformatted:
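The failure described under >Description:, reproduced as an added example that is not part of the original report or of wget's source. The function names format_before/format_after, the helper make_peer and the sample address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed sample peer address: 15 characters plus NUL needs 16 bytes. */
#define SAMPLE_ADDR "192.168.100.200"

/* Fill ss the way a getpeername() result looks for an IPv4 peer. */
static void make_peer(struct sockaddr_storage *ss, const char *dotted)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)ss;
    memset(ss, 0, sizeof(*ss));
    sin->sin_family = AF_INET;
    inet_pton(AF_INET, dotted, &sin->sin_addr);
}

/* Pre-fix form: hbuf is a pointer parameter, so sizeof(hbuf) is the
 * pointer size (4 on i386, 8 on LP64), not the buffer size.
 * Returns 0 on success or the errno set by inet_ntop(). */
int format_before(const struct sockaddr_storage *ss, char *hbuf, size_t hlen)
{
    (void)hlen; /* ignored, which is the bug */
    errno = 0;
    if (!inet_ntop(AF_INET, &((const struct sockaddr_in *)ss)->sin_addr,
                   hbuf, sizeof(hbuf)))
        return errno;
    return 0;
}

/* Post-fix form: the caller-supplied length is passed through. */
int format_after(const struct sockaddr_storage *ss, char *hbuf, size_t hlen)
{
    errno = 0;
    if (!inet_ntop(AF_INET, &((const struct sockaddr_in *)ss)->sin_addr,
                   hbuf, (socklen_t)hlen))
        return errno;
    return 0;
}

int main(void)
{
    struct sockaddr_storage ss;
    char buf[INET_ADDRSTRLEN];
    make_peer(&ss, SAMPLE_ADDR);
    printf("before: %s\n", strerror(format_before(&ss, buf, sizeof(buf))));
    printf("after:  %d (%s)\n", format_after(&ss, buf, sizeof(buf)), buf);
    return 0;
}
```

With a 4-byte pointer no dotted-quad string fits, which matches the "every time" behaviour reported on i386; with an 8-byte pointer only the shortest addresses such as 1.2.3.4 fit, so the same mistake would fail intermittently there.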
