From takeda@takeda.tk  Tue May 18 23:02:58 2004
Return-Path: <takeda@takeda.tk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1A72F16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 18 May 2004 23:02:58 -0700 (PDT)
Received: from freebsd.takeda.tk (node-402413e2.sna.onnet.us.uu.net [64.36.19.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5B28843D5E
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 18 May 2004 23:02:53 -0700 (PDT)
	(envelope-from takeda@takeda.tk)
Received: from freebsd.takeda.tk (localhost.takeda.tk [127.0.0.1])
	by freebsd.takeda.tk (8.12.9p2/8.12.9) with ESMTP id i4J62owN034765
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 18 May 2004 23:02:50 -0700 (PDT)
	(envelope-from takeda@takeda.tk)
Received: (from root@localhost)
	by freebsd.takeda.tk (8.12.9p2/8.12.9/Submit) id i4J62jVs034764;
	Tue, 18 May 2004 23:02:45 -0700 (PDT)
	(envelope-from takeda)
Message-Id: <200405190602.i4J62jVs034764@freebsd.takeda.tk>
Date: Tue, 18 May 2004 23:02:45 -0700 (PDT)
From: Dariusz Kulinski <takeda3@netzero.net>
Reply-To: Dariusz Kulinski <takeda3@netzero.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         66857
>Category:       ports
>Synopsis:       [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 18 23:10:18 PDT 2004
>Closed-Date:    Wed May 19 01:03:07 PDT 2004
>Last-Modified:  Wed May 19 01:03:07 PDT 2004
>Originator:     Dariusz Kulinski
>Release:        FreeBSD 4.9-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD freebsd.takeda.tk 4.9-RELEASE-p4 FreeBSD 4.9-RELEASE-p4 #0: Wed Mar 17 22:05:17 PST 2004 root@freebsd.takeda.tk:/usr/obj/usr/src/sys/TUNED i386


	
>Description:
	The last patch to oidentd introduced a bug under FreeBSD 4.x.
	In the get_list() function there is a do-while loop; the patch included
	additional continue instructions, which skipped "head = pcbp.inp_list.le_next;",
	making oidentd go into an infinite loop.
	This patch fixes that issue.
	 
>How-To-Repeat:
	
>Fix:

	

--- oidentd.patch begins here ---
diff -burN oidentd/files/patch-unprivileged_ipv6 oidentd.new/files/patch-unprivileged_ipv6
--- oidentd/files/patch-unprivileged_ipv6	Sat Mar 20 20:38:56 2004
+++ oidentd.new/files/patch-unprivileged_ipv6	Tue May 18 22:39:05 2004
@@ -1,6 +1,6 @@
-diff -ru src.old/kernel/freebsd.c src/kernel/freebsd.c
---- src.old/kernel/freebsd.c	Sat Mar 20 20:36:51 2004
-+++ src/kernel/freebsd.c	Sat Mar 20 20:37:09 2004
+diff -ru src/kernel/freebsd.c src.new/kernel/freebsd.c
+--- src/kernel/freebsd.c	Tue May 18 22:37:42 2004
++++ src.new/kernel/freebsd.c	Tue May 18 22:35:00 2004
 @@ -159,11 +159,11 @@
  
  #ifdef _HAVE_OLD_INPCB
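Review bot: the embedded file headers at the top of this hunk change from src.old/src to src/src.new and pick up new timestamps, which is churn unrelated to the loop fix; regenerating the inner patch against the same directory names as before would keep this diff down to the functional change. Also, the only file this diff touches is files/patch-unprivileged_ipv6, so there is no PORTREVISION bump, and machines that already built the looping version will not be told to rebuild.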
@@ -38,7 +38,7 @@
  			pcbp->inp_fport == fport &&
  			pcbp->inp_lport == lport)
  		{
-@@ -199,16 +199,33 @@
+@@ -199,28 +199,45 @@
  
  #else
  
@@ -76,7 +76,10 @@
  
  	head = pcbhead->lh_first;
  	if (head == NULL)
-@@ -218,9 +235,9 @@
+ 		return (NULL);
+ 
+-	do {
++	for {; head != NULL; head = pcbp.inp_list.le_next) {
  		if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1)
  			break;
  
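Review bot: the new loop header added in this hunk, `for {; head != NULL; head = pcbp.inp_list.le_next) {`, opens with a brace where a parenthesis is required, so the patched freebsd.c will not compile; it should read `for (; head != NULL; head = pcbp.inp_list.le_next) {`. The early `return (NULL)` for an empty list is still correct but is now redundant with the for condition.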
@@ -89,7 +92,7 @@
  				pcbp.inp_fport == fport &&
  				pcbp.inp_lport == lport)
  			{
-@@ -228,8 +245,32 @@
+@@ -228,16 +245,39 @@
  			}
  		}
  
@@ -124,7 +127,16 @@
  			pcbp.inp_fport == fport &&
  			pcbp.inp_lport == lport)
  		{
-@@ -248,7 +289,7 @@
+ 			return (pcbp.inp_socket);
+ 		}
+ 
+-		head = pcbp.inp_list.le_next;
+-	} while (head != NULL);
++	}
+ 
+ 	return (NULL);
+ }
+@@ -248,7 +288,7 @@
  ** Return the UID of the connection owner
  */
  
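Review bot: with the trailing `head = pcbp.inp_list.le_next;` removed here and the advance moved into the for header, the advance now runs after every `continue` and reads `pcbp`, so it is only valid when getbuf() filled `pcbp` in that iteration. That holds today because the getbuf() failure path uses `break`; a one-line comment in the loop stating that failure paths must `break` rather than `continue` would keep a later edit from advancing through a stale `pcbp`.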
@@ -133,7 +145,7 @@
  				in_port_t fport,
  				struct sockaddr_storage *laddr,
  				struct sockaddr_storage *faddr)
-@@ -276,8 +317,9 @@
+@@ -276,8 +316,9 @@
  	tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value;
  #endif
  
@@ -145,7 +157,7 @@
  
  	if (sockp == NULL)
  		return (-1);
-@@ -346,6 +388,14 @@
+@@ -346,6 +387,14 @@
  	return (-1);
  }
  
@@ -160,7 +172,7 @@
  #ifdef MASQ_SUPPORT
  
  /*
-@@ -456,36 +506,7 @@
+@@ -456,36 +505,7 @@
  				struct sockaddr_storage *laddr,
  				struct sockaddr_storage *faddr)
  {
@@ -198,9 +210,9 @@
  }
  
  #endif
-diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
---- src.old/kernel/freebsd5.c	Sat Mar 20 20:36:51 2004
-+++ src/kernel/freebsd5.c	Sat Mar 20 20:37:13 2004
+diff -ru src/kernel/freebsd5.c src.new/kernel/freebsd5.c
+--- src/kernel/freebsd5.c	Tue May 18 22:37:42 2004
++++ src.new/kernel/freebsd5.c	Tue May 18 22:31:12 2004
 @@ -160,11 +160,11 @@
  
  #ifdef _HAVE_OLD_INPCB
--- oidentd.patch ends here ---


>Release-Note:
>Audit-Trail:

From: Dariusz Kulinski <takeda@takeda.tk>
To: freebsd-gnats-submit@FreeBSD.org, takeda3@netzero.net
Cc:  
Subject: Re: ports/66857: [patch] on freebsd 4.x there is high probability that oidentd can get into infinite loop
Date: Wed, 19 May 2004 00:06:31 -0700

 this patch has one typo:
 for {; head != NULL; head = pcbp.inp_list.le_next) {
     ^
 it should be:
 for (; head != NULL; head = pcbp.inp_list.le_next) {
     ^
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=66858 has that problem
 fixed, sorry for the troubles.
 
 
State-Changed-From-To: open->closed 
State-Changed-By: eik 
State-Changed-When: Wed May 19 10:02:27 CEST 2004 
State-Changed-Why:  
duplicate of PR 66858 

http://www.freebsd.org/cgi/query-pr.cgi?pr=66857 
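
The loop bug described in this PR, reduced to a stand-alone C example added here (not code from oidentd or from the submitter). It walks a plain in-memory list instead of reading kernel memory with getbuf(); `struct pcb`, `walk_do_while`, `walk_for` and `SPIN_LIMIT` are hypothetical names, and the iteration guard exists only so the broken variant terminates.

```c
#include <stddef.h>
/* Constructed stand-in for the kernel PCB list; field names are hypothetical. */
struct pcb {
	int family;          /* 4 or 6 */
	int lport;
	struct pcb *next;
};

#define SPIN_LIMIT 1000   /* demo-only guard so the broken walk terminates */

/* Broken shape: "continue" jumps straight to the while condition, so the
 * advance at the bottom is skipped. Returns iterations run (SPIN_LIMIT = spun). */
int walk_do_while(struct pcb *head, int family, int lport, struct pcb **found)
{
	int iters = 0;
	*found = NULL;
	if (head == NULL)
		return 0;
	do {
		if (++iters >= SPIN_LIMIT)
			break;
		if (head->family != family)
			continue;            /* skips head = head->next */
		if (head->lport == lport) {
			*found = head;
			break;
		}
		head = head->next;
	} while (head != NULL);
	return iters;
}

/* Fixed shape: the advance lives in the for header, which "continue"
 * always executes before the condition is tested again. */
int walk_for(struct pcb *head, int family, int lport, struct pcb **found)
{
	int iters = 0;
	*found = NULL;
	for (; head != NULL; head = head->next) {
		iters++;
		if (head->family != family)
			continue;
		if (head->lport == lport) {
			*found = head;
			break;
		}
	}
	return iters;
}
```

The do-while variant only spins when a non-matching entry precedes the wanted one, which is why the report speaks of a high probability rather than a certain hang.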
>Unformatted:
