Package: slirp
Version: 1:1.0.17-4
Severity: important
Tags: patch

Due to incorrect use of "sizeof(long)" in src/ppp/ipcp.c, a 64-bit host
may send back incorrect IPCP NAKs in response to a client sending an IPCP
configure request that includes DNS/WINS options.

Example data observed (for a host using 205.137.237.222 and 8.8.8.8 for DNS):
data in  -> client requests IP and DNS addresses from host (configure request)
raw: 7E 80 21 01 01 00 16 03 06 00 00 00 00 81 06 00 00 00 00 83 06 00 00 00 00 0E 5B 7E
data out <- host sends NAK with offered IP and DNS addresses (configure nak)
raw: 7E FF 03 80 21 03 01 00 16 03 06 0A 00 CD 86 ED DE 00 00 08 08 08 08 00 00 00 00 29 E2 7E

The NAK response offers an incorrect IP address and no DNS IPs, which
eventually causes negotiation to fail.

Proposed solution is to change "sizeof (long)" to "sizeof (u_int32_t)" to
correctly match the length of IPv4 addresses, using the following patch or
similar:

--- a/ipcp.c
+++ b/ipcp.c
@@ -881,7 +881,7 @@
            }
            GETLONG(tl,p);
            if (htonl(tl) != wo->dnsaddr[0]) {
-                DECPTR(sizeof (long),p);
+                DECPTR(sizeof (u_int32_t),p);
                tl = ntohl(wo->dnsaddr[0]);
                PUTLONG(tl, p);
                orc = CONFNAK;
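Review bot: the DECPTR line still leaves the reason for the width undocumented: the rewind has to equal the number of bytes GETLONG just consumed, and sizeof (u_int32_t) is right only because the option carries a 4-byte IPv4 address. A one-line comment, or a single named constant shared by all four sites, would keep the read and the rewind from drifting apart again.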
@@ -899,7 +899,7 @@
            }
            GETLONG(tl,p);
            if (htonl(tl) != wo->winsaddr[0]) {
-                DECPTR(sizeof (long),p);
+                DECPTR(sizeof (u_int32_t),p);
                tl = ntohl(wo->winsaddr[0]);
                PUTLONG(tl, p);
                orc = CONFNAK;
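Review bot: the winsaddr[0] branch is fixed by inspection only; the sample configure request in the report carries options 0x03, 0x81 and 0x83, so no WINS option (0x82/0x84) was exercised. Please capture a request that includes the WINS options and confirm the resulting NAK before this is applied.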
@@ -917,7 +917,7 @@
            }
            GETLONG(tl,p);
            if (htonl(tl) != wo->dnsaddr[1]) { /* and this is the 2nd one */
-                DECPTR(sizeof (long),p);
+                DECPTR(sizeof (u_int32_t),p);
                tl = ntohl(wo->dnsaddr[1]);
                PUTLONG(tl, p);
                orc = CONFNAK;
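Review bot: the changelog should explain the corrupted IP address seen in the report, which traces to the old DECPTR here and in the dnsaddr[0] branch: with an 8-byte long the rewind lands 4 bytes before the option's data, so PUTLONG overwrites the option's own type/length bytes and the last two bytes of the preceding option. It is also worth grepping the rest of ipcp.c for other uses of sizeof (long) as a wire length, since only these four sites are in the patch.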
@@ -935,7 +935,7 @@
            }
            GETLONG(tl,p);
            if (htonl(tl) != wo->winsaddr[1]) { /* and this is the 2nd one */
-                DECPTR(sizeof (long),p);
+                DECPTR(sizeof (u_int32_t),p);
                tl = ntohl(wo->winsaddr[1]);
                PUTLONG(tl, p);
                orc = CONFNAK;
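Review bot: this is the fourth copy of the same compare, DECPTR, PUTLONG, CONFNAK sequence, differing only in the wo-> field, which is why one wrong sizeof needed four fixes. Consider folding the four branches into one helper that takes the wanted address, as a follow-up if not in this patch.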



-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-274.7.1.el5.028stab095.1 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages slirp depends on:
ii  libc6                         2.11.3-3   Embedded GNU C Library: Shared lib

slirp recommends no packages.

slirp suggests no packages.

-- no debconf information
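
The pointer arithmetic behind the malformed NAK can be reproduced in isolation. The following C program is an added example, not code from slirp or from the report; get_long, put_long, build_nak and nak_for_rewind are hypothetical stand-ins for the macros and the option loop, and 10.0.2.15 is a constructed offered IP address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Stand-ins for GETLONG/PUTLONG: 4 bytes, big-endian, pointer advances. */
static uint32_t get_long(uint8_t **p) {
    uint8_t *b = *p; *p += 4;
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}
static void put_long(uint32_t v, uint8_t **p) {
    uint8_t *b = *p; *p += 4;
    b[0] = (uint8_t)(v >> 24); b[1] = (uint8_t)(v >> 16);
    b[2] = (uint8_t)(v >> 8);  b[3] = (uint8_t)v;
}

/* Rewrite rejected 6-byte options (type, len, IPv4) in place; rewind is the
 * DECPTR argument. Option 0 (IP address) always rewinds 4, an assumption made
 * because the patch leaves that branch alone. Returns the options NAKed. */
static int build_nak(uint8_t *opts, size_t n, const uint32_t *offer, size_t rewind) {
    int naks = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = opts + 6 * i + 2;     /* skip type and length */
        if (get_long(&p) != offer[i]) {
            p -= (i == 0) ? 4 : rewind;    /* the DECPTR step */
            put_long(offer[i], &p);
            naks++;
        }
    }
    return naks;
}

/* Constructed request: options 0x03, 0x81, 0x83, all-zero addresses. */
static const uint8_t REQUEST[18] = {0x03,6,0,0,0,0, 0x81,6,0,0,0,0, 0x83,6,0,0,0,0};
/* 10.0.2.15 is constructed; the DNS values are the ones named in the report. */
static const uint32_t OFFER[3] = {0x0A00020F, 0xCD89EDDE, 0x08080808};
/* Fill out[18] with the NAK options produced for a given rewind width. */
static int nak_for_rewind(size_t rewind, uint8_t out[18]) {
    memcpy(out, REQUEST, sizeof REQUEST);
    return build_nak(out, 3, OFFER, rewind);
}

int main(void) {
    uint8_t out[18];
    for (size_t w = 4; w <= 8; w += 4) {   /* 4 = fixed, 8 = sizeof(long) on LP64 */
        nak_for_rewind(w, out);
        printf("rewind %zu:", w);
        for (int i = 0; i < 18; i++) printf(" %02X", out[i]);
        putchar('\n');
    }
    return 0;
}
```

With a rewind of 8, each DNS address is written over the last two bytes of the previous option and over its own type/length bytes, giving the same layout as the NAK quoted in the report.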

