From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Oct 7 21:20:02 2011 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 59FC11065670 for ; Fri, 7 Oct 2011 21:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 2FE6D8FC0A for ; Fri, 7 Oct 2011 21:20:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p97LK2rS026131 for ; Fri, 7 Oct 2011 21:20:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p97LK2sK026126; Fri, 7 Oct 2011 21:20:02 GMT (envelope-from gnats) Resent-Date: Fri, 7 Oct 2011 21:20:02 GMT Resent-Message-Id: <201110072120.p97LK2sK026126@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Michael Scheidell Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9C36E1065670 for ; Fri, 7 Oct 2011 21:10:13 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 723EC8FC0C for ; Fri, 7 Oct 2011 21:10:13 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p97LADdB064498 for ; Fri, 7 Oct 2011 21:10:13 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id p97LADpl064497; Fri, 7 Oct 2011 21:10:13 GMT (envelope-from nobody) Message-Id: <201110072110.p97LADpl064497@red.freebsd.org> Date: Fri, 7 Oct 2011 21:10:13 GMT From: Michael Scheidell To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/161383: security/snortsam version 2.7.0 returns bad code from system() X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Oct 2011 21:20:02 -0000 >Number: 161383 >Category: ports >Synopsis: security/snortsam version 2.7.0 returns bad code from system() >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Oct 07 21:20:01 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Michael Scheidell >Release: 7.4 amd >Organization: SECNAP Network Security Corp >Environment: >Description: not sure if its amd64, 7.4, or what. other system() calls seem fine, but this one seem to fail when it should not. (i checked, manually injecting ip's, taking them out, etc) where the cli would return a 0x00 from a certain system() call, this one seems to return a 0x4700 (when it should be 0) attached patch against 2.7.0 masks all but last 0xff. >How-To-Repeat: tail the log. look for this: 2011/10/07, 15:09:07, -, 2, snortsam, Removing 86400 sec complete block for host 221.231.140.206. 2011/10/07, 15:09:07, -, 1, ipfw2, Error: Command "/sbin/ipfw table 3 delete 221.231.140.206/32;/sbin/ipfw table 4 delete 221.231.140.206/32" Failed added debug code and verified that its returning 0x4700, when command actually succeeded. >Fix: change this: if (system(ipfw2cmd) ) to this if ((system(ipfw2cmd) && 0xff) ) see attached patch. portversion bumped. Patch attached with submission follows: diff -bBru /tmp/snortsam/Makefile snortsam/Makefile --- /tmp/snortsam/Makefile 2011-06-15 09:52:50.000000000 -0400 +++ snortsam/Makefile 2011-10-07 17:00:07.000000000 -0400 @@ -7,6 +7,7 @@ PORTNAME= snortsam PORTVERSION= 2.70 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://www.snortsam.net/files/snortsam/ DISTNAME= ${PORTNAME}-src-${PORTVERSION} diff -bBru /tmp/snortsam/files/patch-ssp_ipfw2.c snortsam/files/patch-ssp_ipfw2.c --- /tmp/snortsam/files/patch-ssp_ipfw2.c 2011-10-07 16:59:53.000000000 -0400 +++ snortsam/files/patch-ssp_ipfw2.c 2011-10-07 16:55:50.000000000 -0400 @@ -0,0 +1,13 @@ +--- src/ssp_ipfw2.c 2008-04-26 15:53:21.000000000 -0400 ++++ src/ssp_ipfw2.c 2011-10-07 15:47:50.000000000 -0400 +@@ -167,8 +167,8 @@ + printf("Debug: [ipfw2][%lx] command \"%s\"\n", (unsigned long)threadid, ipfw2cmd); + #endif + /* Run the command */ +- if (system(ipfw2cmd) ) ++ if ((system(ipfw2cmd) && 0xff) ) + { snprintf(msg,sizeof(msg)-1,"Error: Command \"%s\" Failed", ipfw2cmd); + logmessage(1,msg,"ipfw2",0); + } + else + >Release-Note: >Audit-Trail: >Unformatted: