(1) SECURITY:

Fix for remote identification. http://www.honeyd.org/adv.2006-01 (2) Force use of compiled-in UID/GID.
2006-02-19 17:09:32 +00:00 · 2006-02-19 17:09:32 +00:00 · e8108b34d2
commit e8108b34d2
parent d4dcb22aec
4 changed files with 80 additions and 5 deletions
--- a/net/honeyd/Makefile
+++ b/net/honeyd/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.12 2005/11/16 23:23:34 naddy Exp $
+# $OpenBSD: Makefile,v 1.13 2006/02/19 17:09:32 naddy Exp $

 NOT_FOR_ARCHS=	${NO_SHARED_ARCHS}

 COMMENT=	"utility to create virtual hosts on a network"
 DISTNAME=	honeyd-1.0
-PKGNAME=	${DISTNAME}p2
+PKGNAME=	${DISTNAME}p3
 CATEGORIES=	net
 MASTER_SITES=	http://www.citi.umich.edu/u/provos/honeyd/ \
 		http://niels.xtdnet.nl/honeyd/
--- a/net/honeyd/patches/patch-ipfrag_c
+++ b/net/honeyd/patches/patch-ipfrag_c
@ -0,0 +1,64 @@
+$OpenBSD: patch-ipfrag_c,v 1.1 2006/02/19 17:09:32 naddy Exp $
+--- ipfrag.c.orig	Fri Dec 31 20:13:38 2004
+++ ipfrag.c	Sun Feb 19 17:54:36 2006
+@@ -81,6 +81,7 @@ fragcompare(struct fragment *a, struct f
+ 	DIFF(a->ip_src, b->ip_src);
+ 	DIFF(a->ip_dst, b->ip_dst);
+ 	DIFF(a->ip_id, b->ip_id);
+	DIFF(a->ip_proto, b->ip_proto);
+ 
+ 	return (0);
+ }
+@@ -105,13 +106,14 @@ ip_fragment_init(void)
+ }
+ 
+ struct fragment *
+-ip_fragment_find(ip_addr_t src, ip_addr_t dst, u_short id)
+ip_fragment_find(ip_addr_t src, ip_addr_t dst, u_short id, u_char proto)
+ {
+ 	struct fragment tmp, *frag;
+ 
+ 	tmp.ip_src = src;
+ 	tmp.ip_dst = dst;
+ 	tmp.ip_id = id;
+	tmp.ip_proto = proto;
+ 
+ 	frag = SPLAY_FIND(fragtree, &fragments, &tmp);
+ 
+@@ -179,7 +181,8 @@ ip_fragment_reclaim(int count)
+ }
+ 
+ struct fragment *
+-ip_fragment_new(ip_addr_t src, ip_addr_t dst, u_short id, enum fragpolicy pl)
+ip_fragment_new(ip_addr_t src, ip_addr_t dst, u_short id, u_char proto,
+    enum fragpolicy pl)
+ {
+ 	struct fragment *tmp = NULL;
+ 	struct timeval tv = { IPFRAG_TIMEOUT, 0};
+@@ -202,6 +205,7 @@ ip_fragment_new(ip_addr_t src, ip_addr_t
+ 	tmp->ip_src = src;
+ 	tmp->ip_dst = dst;
+ 	tmp->ip_id = id;
+	tmp->ip_proto = proto;
+ 	tmp->fragp = pl;
+ 
+ 	TAILQ_INIT(&tmp->fraglist);
+@@ -358,7 +362,7 @@ ip_fragment(struct template *tmpl, struc
+ 	if (fragp == FRAG_DROP)
+ 		goto drop;
+ 
+-	fragq = ip_fragment_find(ip->ip_src, ip->ip_dst, ip->ip_id);
+	fragq = ip_fragment_find(ip->ip_src, ip->ip_dst, ip->ip_id, ip->ip_p);
+ 
+ 	/* Nothing here for now */
+ 	off = ntohs(ip->ip_off);
+@@ -383,7 +387,8 @@ ip_fragment(struct template *tmpl, struc
+ 		goto freeall;
+ 
+ 	if (fragq == NULL) {
+-		fragq = ip_fragment_new(ip->ip_src, ip->ip_dst, ip->ip_id, fragp);
+		fragq = ip_fragment_new(ip->ip_src, ip->ip_dst, ip->ip_id,
+		    ip->ip_p, fragp);
+ 		if (fragq == NULL)
+ 			goto drop;
+ 	}
--- a/net/honeyd/patches/patch-ipfrag_h
+++ b/net/honeyd/patches/patch-ipfrag_h
@ -0,0 +1,11 @@
+$OpenBSD: patch-ipfrag_h,v 1.1 2006/02/19 17:09:32 naddy Exp $
+--- ipfrag.h.orig	Fri Dec 31 20:13:43 2004
+++ ipfrag.h	Sun Feb 19 17:54:36 2006
+@@ -52,6 +52,7 @@ struct fragment {
+ 	ip_addr_t ip_src;	/* Network order */
+ 	ip_addr_t ip_dst;	/* Network order */
+ 	u_short ip_id;		/* Network order */
+	u_char ip_proto;
+ 
+ 	u_short maxlen;		
+ 	u_short hadlastpacket;
--- a/net/honeyd/pkg/PLIST
+++ b/net/honeyd/pkg/PLIST
@ -1,6 +1,6 @@
-@comment $OpenBSD: PLIST,v 1.5 2005/07/23 14:24:52 aanriot Exp $
-@newgroup _honeyd:546
-@newuser _honeyd:546:_honeyd:daemon:honeyd user:/nonexistent:/sbin/nologin
+@comment $OpenBSD: PLIST,v 1.6 2006/02/19 17:09:32 naddy Exp $
+@newgroup _honeyd:!546
+@newuser _honeyd:!546:!_honeyd:daemon:honeyd user:/nonexistent:/sbin/nologin
 bin/honeyd
 bin/honeydctl
 include/honeyd/