215105 – link_ntoa() hex formatting breakage in today's patch

Bug 215105 - link_ntoa() hex formatting breakage in today's patch

Summary: link_ntoa() hex formatting breakage in today's patch

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Gleb Smirnoff

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-12-07 01:43 UTC by jtd2004a
Modified:	2016-12-08 04:45 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
proposed patch, not tested yet (550 bytes, patch) 2016-12-07 07:17 UTC, Gleb Smirnoff	no flags	Details \| Diff
proposed patch #2, somewhat tested (1.21 KB, patch) 2016-12-07 08:28 UTC, Gleb Smirnoff	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jtd2004a 2016-12-07 01:43:55 UTC

The recently issued patch for security issue FreeBSD-SA-16:36.libc has three problems affecting the link_ntoa() function.

1. Hex digits are reversed in order: 0x27 is represented as 72, etc.  This is because the old code wrote out[1] then out[0]; the new code writes *out++ and *out++ in the same order.
2. Accounting of buffer space is bad: In the single-digit case, it has 'rem++' but should probably have 'rem--' instead.
3. Bytes in the range 0x80-0xff are represented badly, for instance 0x84 is represented by backslash in my test environment.  This appears to result from 'char' and 'int' being signed, in the 'if (i > 0xf)'.  This one might also depend on my very unusual system.

Comment 1 Gleb Smirnoff freebsd_committer

2016-12-07 07:17:34 UTC

Created attachment 177740 [details]
proposed patch, not tested yet

Comment 2 jtd2004a 2016-12-07 07:49:23 UTC

Regarding the attached proposed patch, if i is negative, (i >> 4) will be negative too, and a negative offset into hexlist[] is not good.  Suggest ((i >> 4) & 0xf).

Comment 3 Gleb Smirnoff freebsd_committer

2016-12-07 08:28:42 UTC

Created attachment 177744 [details]
proposed patch #2, somewhat tested

Comment 4 jtd2004a 2016-12-07 22:37:13 UTC

For what it's worth, I've tested your "proposed patch #2, somewhat tested" fix on my system, and it passed the tests.

Comment 5 Gleb Smirnoff freebsd_committer

2016-12-07 22:41:29 UTC

Thanks for confirmation. I've launched freebsd-update builds yesterday with patch #2 and they are still running. Once they are done, I will publish revised advisory.

Comment 6 commit-hook freebsd_committer

2016-12-07 23:18:37 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:18:00 UTC 2016
New revision: 309688
URL: https://svnweb.freebsd.org/changeset/base/309688

Log:
  Address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>

Changes:
  head/lib/libc/net/linkaddr.c

Comment 7 commit-hook freebsd_committer

2016-12-07 23:20:43 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:19:46 UTC 2016
New revision: 309689
URL: https://svnweb.freebsd.org/changeset/base/309689

Log:
  Merge rr309688: address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>

Changes:
_U  stable/11/
  stable/11/lib/libc/net/linkaddr.c

Comment 8 commit-hook freebsd_committer

2016-12-07 23:20:45 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:20:27 UTC 2016
New revision: 309690
URL: https://svnweb.freebsd.org/changeset/base/309690

Log:
  Merge rr309688: address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>

Changes:
_U  stable/10/
  stable/10/lib/libc/net/linkaddr.c

Comment 9 commit-hook freebsd_committer

2016-12-07 23:21:48 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:20:51 UTC 2016
New revision: 309691
URL: https://svnweb.freebsd.org/changeset/base/309691

Log:
  Merge rr309688: address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>

Changes:
_U  stable/9/
_U  stable/9/lib/
_U  stable/9/lib/libc/
  stable/9/lib/libc/net/linkaddr.c

Comment 10 commit-hook freebsd_committer

2016-12-07 23:29:56 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:29:43 UTC 2016
New revision: 309692
URL: https://svnweb.freebsd.org/changeset/base/309692

Log:
  Merge r309688: address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>
  Approved by:	so

Changes:
_U  releng/11.0/
  releng/11.0/UPDATING
  releng/11.0/lib/libc/net/linkaddr.c
  releng/11.0/sys/conf/newvers.sh

Comment 11 commit-hook freebsd_committer

2016-12-07 23:32:00 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:31:07 UTC 2016
New revision: 309693
URL: https://svnweb.freebsd.org/changeset/base/309693

Log:
  Merge r309688: address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>
  Approved by:	so

Changes:
_U  releng/10.3/
  releng/10.3/UPDATING
  releng/10.3/lib/libc/net/linkaddr.c
  releng/10.3/sys/conf/newvers.sh

Comment 12 commit-hook freebsd_committer

2016-12-07 23:33:03 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:32:42 UTC 2016
New revision: 309694
URL: https://svnweb.freebsd.org/changeset/base/309694

Log:
  Merge r309688: address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>
  Approved by:	so

Changes:
_U  releng/10.2/
  releng/10.2/UPDATING
  releng/10.2/lib/libc/net/linkaddr.c
  releng/10.2/sys/conf/newvers.sh

Comment 13 commit-hook freebsd_committer

2016-12-07 23:35:06 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:34:07 UTC 2016
New revision: 309696
URL: https://svnweb.freebsd.org/changeset/base/309696

Log:
  Merge r309688: address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>
  Approved by:	so

Changes:
_U  releng/10.1/
  releng/10.1/UPDATING
  releng/10.1/lib/libc/net/linkaddr.c
  releng/10.1/sys/conf/newvers.sh

Comment 14 commit-hook freebsd_committer

2016-12-07 23:36:09 UTC

A commit references this bug:

Author: glebius
Date: Wed Dec  7 23:35:16 UTC 2016
New revision: 309697
URL: https://svnweb.freebsd.org/changeset/base/309697

Log:
  Merge r309688: address regressions in SA-16:37.libc.

  PR:		215105
  Submitted by:	<jtd2004a sbcglobal.net>
  Approved by:	so

Changes:
_U  releng/9.3/
  releng/9.3/UPDATING
_U  releng/9.3/lib/libc/
  releng/9.3/lib/libc/net/linkaddr.c
  releng/9.3/sys/conf/newvers.sh