SECURITY fix:

Jonny Robertson reported that Zebra can be remotely crashed if a Zebra password has been enabled and a remote attacker can connect to the Zebra telnet management port. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0795 to this issue. from http://rhn.redhat.com/errata/RHSA-2003-307.html Bump package name. ok itojun@ margarida@
2003-11-18 19:26:08 +00:00 · 2003-11-18 19:26:08 +00:00 · 88962318bb
commit 88962318bb
parent 528b770575
2 changed files with 26 additions and 1 deletions
--- a/net/zebra/Makefile
+++ b/net/zebra/Makefile
@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.24 2003/05/12 18:02:45 sturm Exp $
+# $OpenBSD: Makefile,v 1.25 2003/11/18 19:26:08 david Exp $
 # KAME Id: Makefile,v 1.5 1999/09/13 16:27:41 itojun Exp
 # Originally by: peter.galbavy@knowledge.com

 COMMENT=	"multi-threaded routing daemon"

 DISTNAME=	zebra-0.93a
+PKGNAME=	${DISTNAME}p1
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.zebra.org/pub/zebra/ \
 		ftp://ftp.knowledge.com/pub/mirrors/zebra/ \
--- a/net/zebra/patches/patch-lib_vty_c
+++ b/net/zebra/patches/patch-lib_vty_c
@ -0,0 +1,24 @@
+$OpenBSD: patch-lib_vty_c,v 1.1 2003/11/18 19:26:08 david Exp $
+--- lib/vty.c.orig	2002-07-07 03:12:47.000000000 -0500
+++ lib/vty.c	2003-11-17 19:12:07.000000000 -0600
+@@ -1136,13 +1136,16 @@ vty_telnet_option (struct vty *vty, unsi
+       break;
+     case SE: 
+       {
+-	char *buffer = (char *)vty->sb_buffer->head->data;
+-	int length = vty->sb_buffer->length;
+	char *buffer;
+	int length;
+ 
+-	if (buffer == NULL)
+	if (!vty->iac_sb_in_progress)
+ 	  return 0;
+ 
+-	if (!vty->iac_sb_in_progress)
+	buffer = (char *)vty->sb_buffer->head->data;
+	length = vty->sb_buffer->length;
+
+	if (buffer == NULL)
+ 	  return 0;
+ 
+ 	if (buffer[0] == '\0')