NetBSD Problem Report #42464
From www@NetBSD.org Thu Dec 17 06:02:03 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 5BE0A63C37E
for <gnats-bugs@gnats.NetBSD.org>; Thu, 17 Dec 2009 06:02:03 +0000 (UTC)
Message-Id: <20091217060203.28E5763B844@www.NetBSD.org>
Date: Thu, 17 Dec 2009 06:02:03 +0000 (UTC)
From: tmcintos@eskimo.com
Reply-To: tmcintos@eskimo.com
To: gnats-bugs@NetBSD.org
Subject: timed interoperability has been broken since 2001
X-Send-Pr-Version: www-1.0
>Number: 42464
>Category: bin
>Synopsis: timed interoperability has been broken since 2001
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Dec 17 06:05:00 +0000 2009
>Closed-Date: Mon Apr 09 18:49:02 +0000 2018
>Last-Modified: Mon Apr 09 18:49:02 +0000 2018
>Originator: Timothy McIntosh
>Release: 5.0
>Organization:
Green Dome Software
>Environment:
NetBSD hoth.astro.net 5.0 NetBSD 5.0 (GENERIC32_IP2x) #0: Mon Apr 27 06:08:08 UTC 2009 builds@b1.netbsd.org:/home/builds/ab/netbsd-5-0-RELEASE/sgimips/200904260229Z-obj/home/builds/ab/netbsd-5-0-RELEASE/src/sys/arch/sgimips/compile/GENERIC32_IP2x sgimips
>Description:
timed interoperability has been broken since the patch described in FreeBSD SA-01:28 was implemented in 2001:
http://security.freebsd.org/patches/SA-01:28/timed.patch
http://security.freebsd.org/advisories/FreeBSD-SA-01:28.timed.asc
This patch erroneously forces all TSP packets to be maximally sized. This is in violation of the time synchronization protocol definition, which defines the Machine Name field as a zero-terminated string from 1 to 256 ASCII characters in length (including the terminating NUL character).
http://docs.freebsd.org/44doc/smm/12.timed/paper.pdf
Not all timed implementations send maximally-sized messages, as this implementation does. One such system is Tru64 UNIX version 4.0F, where MAXHOSTNAMELEN is defined as 64. The current timed implementation fails to communicate with such a system, producing messages such as the following in the system log:
Dec 16 22:52:38 hoth timed[364]: short packet (76/268 bytes) from 10.0.1.213
Note: In the 4.3BSD TSP definition, the tsp_name field was 32 characters in size:
http://www.eecs.berkeley.edu/Pubs/TechRpts/1985/CSD-85-250.pdf
>How-To-Repeat:
Attempt to use timed with a system that does not send maximally-sized TSP messages.
>Fix:
I have applied the following patch locally to the timed on my Mac OS X 10.5.8 (Darwin 9.8.0) system, and confirmed that it resolves the interoperability issue. The NetBSD 5 timed code is essentially the same, so the same approach would apply there, but I have not ported the patch as of this time:
diff -ur remote_cmds-13.0.2/timed.tproj/timed.tproj/globals.h remote_cmds-13.0.2-patched/timed.tproj/timed.tproj/globals.h
--- remote_cmds-13.0.2/timed.tproj/timed.tproj/globals.h 1999-05-01 22:57:34.000000000 -0500
+++ remote_cmds-13.0.2-patched/timed.tproj/timed.tproj/globals.h 2009-12-15 01:33:17.000000000 -0600
@@ -70,6 +70,7 @@
#include <errno.h>
#include <limits.h>
#include <netdb.h>
+#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff -ur remote_cmds-13.0.2/timed.tproj/timed.tproj/readmsg.c remote_cmds-13.0.2-patched/timed.tproj/timed.tproj/readmsg.c
--- remote_cmds-13.0.2/timed.tproj/timed.tproj/readmsg.c 2006-02-07 00:23:04.000000000 -0600
+++ remote_cmds-13.0.2-patched/timed.tproj/timed.tproj/readmsg.c 2009-12-15 01:37:12.000000000 -0600
@@ -231,15 +231,16 @@
continue;
}
length = sizeof(from);
+ bzero(&msgin, sizeof msgin);
if ((n = recvfrom(sock, (char *)&msgin, sizeof(struct tsp), 0,
(struct sockaddr*)&from, &length)) < 0) {
syslog(LOG_ERR, "recvfrom: %m");
exit(1);
}
- if (n < (ssize_t)sizeof(struct tsp)) {
+ if (n <= (ssize_t)offsetof(struct tsp, tsp_name)) {
syslog(LOG_NOTICE,
"short packet (%u/%u bytes) from %s",
- n, sizeof(struct tsp),
+ n, offsetof(struct tsp, tsp_name)+1,
inet_ntoa(from.sin_addr));
continue;
}
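Review bot: the relaxed test `if (n <= (ssize_t)offsetof(struct tsp, tsp_name))` accepts any datagram that carries at least one byte of tsp_name, and only the added bzero() keeps a short name NUL-terminated; a datagram that fills the whole field with non-NUL bytes is still unterminated as far as these lines show. Consider checking for a NUL within the n bytes actually received, or forcing the last byte of tsp_name to '\0', before the name is used. Separately, the syslog call passes n (compared as ssize_t above) and `offsetof(struct tsp, tsp_name)+1` (a size_t) to `%u` conversions; cast both arguments or use conversions that match their types.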
>Release-Note:
>Audit-Trail:
From: "Brian Ginsbach" <ginsbach@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42464 CVS commit: src/usr.sbin/timed/timed
Date: Fri, 11 Aug 2017 16:47:42 +0000
Module Name: src
Committed By: ginsbach
Date: Fri Aug 11 16:47:42 UTC 2017
Modified Files:
src/usr.sbin/timed/timed: readmsg.c
Log Message:
PR bin/42464: Timothy McIntosh: Fix timed interoperability
Fix is a combination of FreeBSD fix and submitted patch.
[From the FreeBSD change]
The timed protocol is not implemented in a compatible way by all
vendors; the size of the tsp_name field is OS-dependent. 4.3BSD
used a 32-byte field, FreeBSD uses MAXHOSTNAMELEN and RedHat
apparently uses a 64-byte field. As a result, sanity checking code
added a few months ago to detect short packets will fail when
interoperating with one of these other vendors.
Change the short packet detection code to expect a minimum packet
size corresponding to the 4.3BSD implementation, which should be
a safe minimum size.
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/usr.sbin/timed/timed/readmsg.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: ginsbach@NetBSD.org
State-Changed-When: Fri, 11 Aug 2017 18:12:26 +0000
State-Changed-Why:
Fix committed based on FreeBSD change for the same issue and the supplied
patch. Thanks for the report and patch. Does this fix the issue?
State-Changed-From-To: feedback->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 09 Apr 2018 18:49:02 +0000
State-Changed-Why:
feedback timeout, assume fix ok
>Unformatted:
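As an added illustration (not code from the PR, FreeBSD or NetBSD), the length check discussed in this report can accept variable-size name fields while still rejecting truncated or unterminated names. The struct is a constructed stand-in whose 12-byte header and 256-byte name match the 76/268 figures in the log line above; `tsp_accept`, `min_name` and the reading of the committed minimum as header plus 32 bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TSP_NAME_LOCAL 256  /* local name field: 12 + 256 = 268-byte struct */
#define TSP_NAME_43BSD  32  /* 4.3BSD name field, per the commit message */

/* Constructed stand-in for struct tsp: 12-byte header, then the name. */
struct tsp_example {
    uint8_t  type, vers;
    uint16_t seq;
    uint32_t sec, usec;
    char     name[TSP_NAME_LOCAL];
};

enum tsp_verdict { TSP_OK, TSP_SHORT, TSP_UNTERMINATED };

/* Validate n received bytes and copy them into *out. min_name is the
 * smallest name field accepted: 1 reproduces the PR's check, TSP_NAME_43BSD
 * the committed one (assumed here to mean header + 32 bytes). */
enum tsp_verdict
tsp_accept(const void *buf, size_t n, size_t min_name, struct tsp_example *out)
{
    const size_t hdr = offsetof(struct tsp_example, name);
    if (n > sizeof(*out))
        n = sizeof(*out);          /* a datagram socket truncates the same way */
    if (n < hdr + min_name)
        return TSP_SHORT;
    memset(out, 0, sizeof(*out));  /* bytes past n read as NUL */
    memcpy(out, buf, n);
    /* Stricter than either patch: NUL must lie within the received bytes. */
    if (memchr(out->name, '\0', n - hdr) == NULL)
        return TSP_UNTERMINATED;
    return TSP_OK;
}

int main(void)
{
    /* Constructed 76-byte datagram: 12-byte header + 64-byte name field. */
    unsigned char pkt[76] = {0};
    struct tsp_example m;
    memcpy(pkt + 12, "tru64host", 10);
    printf("76 bytes, min 1:  %d\n", tsp_accept(pkt, sizeof pkt, 1, &m));
    printf("76 bytes, min 32: %d\n", tsp_accept(pkt, sizeof pkt, TSP_NAME_43BSD, &m));
    printf("12 bytes, min 1:  %d\n", tsp_accept(pkt, 12, 1, &m));
    return 0;
}
```
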