
Thread: Re: NetBSD Security Advisory 2007-004: Insufficient length checking in iso(4)




Re: NetBSD Security Advisory 2007-004: Insufficient length checking in iso(4)
Canada
2007-07-28 12:41:04

On Thu, 29 Mar 2007, NetBSD Security-Officer wrote:

> 		 NetBSD Security Advisory 2007-004
[...]
> 		NetBSD 3.1:		affected
[...]
> Fixed:	[...]
> 		NetBSD-3-1 branch:	March 29, 2007
[...]
> To update from CVS, re-build, and re-install the kernel:
>
> 	# cd src
> 	# cvs update sys/netiso/clnp_subr.c
[and rebuild kernel]

I have tried this (cd /usr/src; cvs update sys/netiso/clnp_subr.c) and
as far as I can tell by the date stamps on clnp_subr.c (mod time
2005-02-26, ctime 2007-01-16 which is when I installed the system), I
am not getting updated code.  This is NetBSD 3.1 release (based on the
contents of /usr/src/CVS/Tag: Nnetbsd-3-1-RELEASE).  If I trace the
cvs call:

   : quill[root]:/usr/src ; cvs -t update sys/netiso/clnp_subr.c
    -> main loop with CVSROOT=anoncvs@anoncvs.netbsd.org:/cvsroot
    -> Starting server: ssh -l anoncvs anoncvs.netbsd.org cvs server
    -> Lock_Cleanup()
    -> Lock_Cleanup()

... apparently nothing to update.  Help?

Anne Bennett.

Re: NetBSD Security Advisory 2007-004: Insufficient length checking in iso(4)
United States
2007-07-28 14:16:31
The release tag won't be moved.  You probably want to update to
netbsd-3-1 which is the tag for the stable branch along which 3.1 was
cut.  I just follow netbsd-3, which has more pullups, but I've never had
trouble from following a post-release stable branch.

'cvs log' on such a file is helpful.  excerpts

RCS file: /cvsroot/src/sys/netiso/clnp_subr.c,v
Working file: clnp_subr.c
head: 1.29
branch:
locks: strict
access list:
symbolic names:
	netbsd-3-1: 1.17.0.6
	netbsd-3-1-RELEASE: 1.17
	netbsd-3-1-1-RELEASE: 1.17.6.1
	netbsd-3-0-3-RELEASE: 1.17.4.1
	netbsd-3-0-1-RELEASE: 1.17
	netbsd-3-0: 1.17.0.4
	netbsd-3-0-RELEASE: 1.17
	netbsd-3-0-RC6: 1.17
	netbsd-3: 1.17.0.2
	netbsd-3-base: 1.17
	netbsd-4: 1.21.0.2
	netbsd-4-base: 1.21


As you can see it's mostly 1.17.

revision 1.17.6.1
date: 2007/03/29 08:53:31;  author: ghen;  state: Exp;  lines: +35 -23
Pull up following revision(s) (requested by adrianp in ticket #1733):
	sys/netiso/clnp_subr.c: revision 1.27 via patch
A number of functions do not validate the length of arguments passed.
As a result of this a user could supply a bad 'sockaddr' structure to
clnp_route() via connect(2).
Issue found by Christer Oberg and patch from christos@ (NetBSD-SA2007-004)
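
The tag distinction in the reply above, as an added example that is not part of the original thread: CVS records a branch tag as a magic number with a 0 in the second-to-last position (1.17.0.6 names branch 1.17.6), while a release tag is pinned to a single revision. The script parses a subset of the symbolic names quoted in the reply and reports which tags deliver revision 1.17.6.1; all function names are assumptions of this example.

```python
import re

# Subset of the `cvs log` symbolic names quoted in the reply above.
CVS_LOG_EXCERPT = """\
symbolic names:
    netbsd-3-1: 1.17.0.6
    netbsd-3-1-RELEASE: 1.17
    netbsd-3-1-1-RELEASE: 1.17.6.1
    netbsd-3-0-3-RELEASE: 1.17.4.1
    netbsd-3-0: 1.17.0.4
    netbsd-3: 1.17.0.2
    netbsd-4: 1.21.0.2
"""

def parse_rev(text):
    return tuple(int(part) for part in text.split("."))

def parse_symbolic_names(log_text):
    """Return {tag: revision tuple} for the indented 'tag: rev' lines."""
    tags = {}
    for line in log_text.splitlines():
        m = re.match(r"^\s+([\w.-]+):\s+(\d+(?:\.\d+)+)\s*$", line)
        if m:
            tags[m.group(1)] = parse_rev(m.group(2))
    return tags

def branch_of(rev):
    """Branch a tag names: magic x.y.0.n -> x.y.n, odd-length as is, else None."""
    if len(rev) >= 4 and len(rev) % 2 == 0 and rev[-2] == 0:
        return rev[:-2] + rev[-1:]
    return rev if len(rev) % 2 == 1 else None

def tag_delivers(tag_rev, fix_rev):
    """True if a tree checked out with this tag contains fix_rev once updated."""
    branch = branch_of(tag_rev)
    if branch is None:              # static tag: frozen at one revision
        return tag_rev == fix_rev
    return fix_rev[:-1] == branch   # fix was committed on this branch

def report(log_text, fix_revision):
    """Map each tag to whether it delivers the given revision number.
    Pullups to other branches get their own revision numbers, so check each."""
    fix = parse_rev(fix_revision)
    return {tag: tag_delivers(rev, fix)
            for tag, rev in parse_symbolic_names(log_text).items()}

if __name__ == "__main__":
    for tag, ok in report(CVS_LOG_EXCERPT, "1.17.6.1").items():
        print(f"{tag:24} {'gets 1.17.6.1' if ok else 'does not get 1.17.6.1'}")
```

A tree whose CVS/Tag names a static release tag reports "does not get" no matter how often it is updated, which matches the empty `cvs -t update` trace in the first message.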
