From noreply at github.com Tue Nov 29 23:18:25 2022
From: noreply at github.com (Lucas Holt)
Date: Tue, 29 Nov 2022 20:18:25 -0800
Subject: [Midnightbsd-cvs] [MidnightBSD/src] b8084f: ping reads raw IP
packets from the network to proc...
Message-ID: <MidnightBSD/src/push/refs/heads/master/a694c7-b8084f@github.com>
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: b8084ffeccac92bd02461611a4c577eec918a3aa
https://github.com/MidnightBSD/src/commit/b8084ffeccac92bd02461611a4c577eec918a3aa
Author: Lucas Holt <luke at foolishgames.com>
Date: 2022-11-29 (Tue, 29 Nov 2022)
Changed paths:
M sbin/ping/ping.c
Log Message:
-----------
ping reads raw IP packets from the network to process responses in the
pr_pack() function. As part of processing a response ping has to
reconstruct the IP header, the ICMP header and if present a "quoted
packet," which represents the packet that generated an ICMP error. The
quoted packet again has an IP header and an ICMP header.
The pr_pack() copies received IP and ICMP headers into stack buffers
for further processing. In so doing, it fails to take into account the
possible presence of IP option headers following the IP header in
either the response or the quoted packet. When IP options are present,
pr_pack() overflows the destination buffer by up to 40 bytes.
Obtained from: FreeBSD
From noreply at github.com Tue Nov 29 23:20:34 2022
From: noreply at github.com (Lucas Holt)
Date: Tue, 29 Nov 2022 20:20:34 -0800
Subject: [Midnightbsd-cvs] [MidnightBSD/src] f467f7: ping reads raw IP
packets from the network to proc...
Message-ID: <MidnightBSD/src/push/refs/heads/stable/3.0/61be66-e231e9@github.com>
Branch: refs/heads/stable/3.0
Home: https://github.com/MidnightBSD/src
Commit: f467f7bc9a9dd288fc19350ea88ce47d0f0ca4c6
https://github.com/MidnightBSD/src/commit/f467f7bc9a9dd288fc19350ea88ce47d0f0ca4c6
Author: Lucas Holt <luke at foolishgames.com>
Date: 2022-11-29 (Tue, 29 Nov 2022)
Changed paths:
M sbin/ping/ping.c
Log Message:
-----------
ping reads raw IP packets from the network to process responses in the
pr_pack() function. As part of processing a response ping has to
reconstruct the IP header, the ICMP header and if present a "quoted
packet," which represents the packet that generated an ICMP error. The
quoted packet again has an IP header and an ICMP header.
The pr_pack() copies received IP and ICMP headers into stack buffers
for further processing. In so doing, it fails to take into account the
possible presence of IP option headers following the IP header in
either the response or the quoted packet. When IP options are present,
pr_pack() overflows the destination buffer by up to 40 bytes.
Obtained from: FreeBSD
Commit: e231e90b48119a8f5bfaa09e0b070e85570bc038
https://github.com/MidnightBSD/src/commit/e231e90b48119a8f5bfaa09e0b070e85570bc038
Author: Lucas Holt <luke at foolishgames.com>
Date: 2022-11-29 (Tue, 29 Nov 2022)
Changed paths:
M crypto/heimdal/lib/asn1/gen_free.c
Log Message:
-----------
fix defective security patch
Compare: https://github.com/MidnightBSD/src/compare/61be66d25d39...e231e90b4811
From noreply at github.com Tue Nov 29 23:24:44 2022
From: noreply at github.com (Lucas Holt)
Date: Tue, 29 Nov 2022 20:24:44 -0800
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 87a030: fix defective security
patch
Message-ID: <MidnightBSD/src/push/refs/heads/stable/2.2/73e3d6-87a030@github.com>
Branch: refs/heads/stable/2.2
Home: https://github.com/MidnightBSD/src
Commit: 87a03043405568539e3507892148a5c80a3b4fd4
https://github.com/MidnightBSD/src/commit/87a03043405568539e3507892148a5c80a3b4fd4
Author: Lucas Holt <luke at foolishgames.com>
Date: 2022-11-29 (Tue, 29 Nov 2022)
Changed paths:
M crypto/heimdal/lib/asn1/gen_free.c
Log Message:
-----------
fix defective security patch