From owner-freebsd-security Mon Aug 13 13:22: 0 2001 Delivered-To: freebsd-security@freebsd.org Received: from fasterix.frmug.org (s196.dhcp212-75.cybercable.fr [212.198.75.196]) by hub.freebsd.org (Postfix) with ESMTP id D9F6A37B406 for ; Mon, 13 Aug 2001 13:21:46 -0700 (PDT) (envelope-from pb@fasterix.frmug.org) Received: (from pb@localhost) by fasterix.frmug.org (8.11.4/8.9.3/pb-19990315) id f7DKLjM66748 for freebsd-security@freebsd.org; Mon, 13 Aug 2001 22:21:45 +0200 (CEST) Message-ID: <20010813222145.A66725@fasterix.frmug.org> Date: Mon, 13 Aug 2001 22:21:45 +0200 From: Pierre Beyssac To: freebsd-security@freebsd.org Subject: [pb@fasterix.freenix.org: bin/29026: fix for traceroute] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.92.8i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Any advice on this? Ruslan advised me to wait a return from the traceroute list at LBL, but no news from them since I sent the patch almost a month ago... Pierre ----- Forwarded message from Pierre Beyssac ----- Date: Mon, 16 Jul 2001 21:06:37 +0200 From: Pierre Beyssac To: freebsd-net@FreeBSD.ORG Cc: traceroute@ee.lbl.gov Subject: fix for traceroute (bin/29026) Could anyone check this fix for PR bin/29026 (traceroute -s option)? It just reenables the bind(2) call checking for the source address correctness, and moves the IP_HDRINCL after that (once IP_HDRINCL is enabled on the socket, bind doesn't check this anymore). It seems to work on my (very outdated) current as well as -stable, but I'm not able to check it on a recent -current, and although I have tested it with and without -s I may have missed some side effects with weird options combinations. If someone can confirm that this works, I can commit it. Index: traceroute.c =================================================================== RCS file: /home/ncvs/src/contrib/traceroute/traceroute.c,v retrieving revision 1.18 diff -u -r1.18 traceroute.c --- traceroute.c 2001/06/06 16:12:59 1.18 +++ traceroute.c 2001/07/16 18:53:44 @@ -727,13 +727,6 @@ exit(1); } #endif -#ifdef IP_HDRINCL - if (setsockopt(sndsock, IPPROTO_IP, IP_HDRINCL, (char *)&on, - sizeof(on)) < 0) { - Fprintf(stderr, "%s: IP_HDRINCL: %s\n", prog, strerror(errno)); - exit(1); - } -#endif if (options & SO_DEBUG) (void)setsockopt(sndsock, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof(on)); @@ -744,14 +737,19 @@ if (source != NULL) { source = savestr(getsin(&from, source)); outip->ip_src = from.sin_addr; -#ifndef IP_HDRINCL if (bind(sndsock, (struct sockaddr *)&from, sizeof(from)) < 0) { Fprintf(stderr, "%s: bind: %s\n", prog, strerror(errno)); exit (1); } -#endif } +#ifdef IP_HDRINCL + if (setsockopt(sndsock, IPPROTO_IP, IP_HDRINCL, (char *)&on, + sizeof(on)) < 0) { + Fprintf(stderr, "%s: IP_HDRINCL: %s\n", prog, strerror(errno)); + exit(1); + } +#endif #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) if (setpolicy(sndsock, "in bypass") < 0) -- Pierre Beyssac pb@fasterix.frmug.org pb@fasterix.freenix.org Why write portable code when you can write Linux code? Free domains: http://www.eu.org/ or mail dns-manager@EU.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message ----- End forwarded message ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message