NetBSD Problem Report #49580

From www@NetBSD.org  Sat Jan 17 05:30:15 2015
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1F12DA654C
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 17 Jan 2015 05:30:15 +0000 (UTC)
Message-Id: <20150117053013.9DB65A6555@mollari.NetBSD.org>
Date: Sat, 17 Jan 2015 05:30:13 +0000 (UTC)
From: oshima-ya@yagoto-urayama.jp
Reply-To: oshima-ya@yagoto-urayama.jp
To: gnats-bugs@NetBSD.org
Subject: ipftest command should use MD5 functions of the system, instead of internals in ipf.
X-Send-Pr-Version: www-1.0

>Number:         49580
>Category:       bin
>Synopsis:       ipftest command should use MD5 functions of the system, instead of internals in ipf.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 17 05:35:00 +0000 2015
>Closed-Date:    Fri Jan 23 12:49:43 +0000 2015
>Last-Modified:  Fri Jan 23 12:49:43 +0000 2015
>Originator:     Yasushi Oshima
>Release:        NetBSD 7.0_BETA
>Organization:
>Environment:
NetBSD usl5p1 7.0_BETA NetBSD 7.0_BETA (GENERIC) #0: Fri Jan 15 00:08:45 JST 2015  oshima@sweety:/export/netbsd-7/obj/landisk/sys/arch/landisk/compile/GENERIC landisk
>Description:
A ipftest of netbsd-7 and -current use MD5 functions of ipf-distribution, but NetBSD has them in system libc.

Makefile of ipftest directs to compile and link ipf-distribution's md5.c, but ip_dstlist.c called from ipftest includes sys/md5.h.
MD5_CTX structure of ipf's md5.h is different from sys/md5.h.
This will cause an unexpected result (for example buffer-overflow, destruct stack, SIGSEGV, ...).

>How-To-Repeat:

# ipftest -RD -b -P /usr/tests/ipf/regress/p10.pool -N /usr/tests/ipf/regress/p10.nat -i /usr/tests/ipf/input/p10

Segmentation fault (core dumped)

>Fix:
--- external/bsd/ipf/bin/ipftest/Makefile       24 Mar 2012 00:32:50 -0000      1.2
+++ external/bsd/ipf/bin/ipftest/Makefile       17 Jan 2015 05:13:43 -0000
@@ -7,7 +7,7 @@
                ip_proxy.c ip_auth.c ip_htable.c ip_lookup.c \
                ip_dstlist.c ip_pool.c ip_sync.c \
                ip_fil.c ip_log.c ippool_y.c ippool_l.c ipf_y.c \
-               ipf_l.c ipnat_y.c ipnat_l.c md5.c radix_ipf.c bpf_filter.c
+               ipf_l.c ipnat_y.c ipnat_l.c radix_ipf.c bpf_filter.c
 MAN=           ipftest.1

 CPPFLAGS+=     -DIPFILTER_LOG -DIPFILTER_LOOKUP \

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->pending-pullups
State-Changed-By: martin@NetBSD.org
State-Changed-When: Sat, 17 Jan 2015 11:28:59 +0000
State-Changed-Why:
Fixed in -current, waiting for pullup-7 #431
Thanks for the patch!


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/49580 CVS commit: src/external/bsd/ipf/bin/ipftest
Date: Sat, 17 Jan 2015 11:25:30 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Sat Jan 17 11:25:30 UTC 2015

 Modified Files:
 	src/external/bsd/ipf/bin/ipftest: Makefile

 Log Message:
 Do not compile md5.c (while usning system md5.h headers) - instead just
 use the libc version.
 Patch from Yasushi Oshima in PR bin/49580.


 To generate a diff of this commit:
 cvs rdiff -u -r1.2 -r1.3 src/external/bsd/ipf/bin/ipftest/Makefile

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Soren Jacobsen" <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/49580 CVS commit: [netbsd-7] src/external/bsd/ipf/bin/ipftest
Date: Tue, 20 Jan 2015 21:04:36 +0000

 Module Name:	src
 Committed By:	snj
 Date:		Tue Jan 20 21:04:36 UTC 2015

 Modified Files:
 	src/external/bsd/ipf/bin/ipftest [netbsd-7]: Makefile

 Log Message:
 Pull up following revision(s) (requested by martin in ticket #431):
 	external/bsd/ipf/bin/ipftest/Makefile: revision 1.3
 Do not compile md5.c (while usning system md5.h headers) - instead just
 use the libc version.
 Patch from Yasushi Oshima in PR bin/49580.


 To generate a diff of this commit:
 cvs rdiff -u -r1.2 -r1.2.14.1 src/external/bsd/ipf/bin/ipftest/Makefile

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Fri, 23 Jan 2015 12:49:43 +0000
State-Changed-Why:
pullups complete; thanks


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.