Pullup ticket 1150 - requested by Adrian Portelli

security fix for honeyd

Patch provided by the submitter.

http://www.honeyd.org/adv.2006-01

4 files changed, 82 insertions, 3 deletions

diff --git a/security/honeyd/Makefile b/security/honeyd/Makefile
index 80764429f0f..35e7db6a626 100644
--- a/security/honeyd/Makefile
+++ b/security/honeyd/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2005/12/05 20:50:56 rillig Exp $
+# $NetBSD: Makefile,v 1.12.2.1 2006/02/20 14:01:22 salo Exp $
 #
 
 DISTNAME=	honeyd-1.0
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	security net
 MASTER_SITES=	http://niels.xtdnet.nl/honeyd/
 
diff --git a/security/honeyd/distinfo b/security/honeyd/distinfo
index d9857e3ed83..fd5069bdca6 100644
--- a/security/honeyd/distinfo
+++ b/security/honeyd/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.3 2005/02/24 13:10:06 agc Exp $
+$NetBSD: distinfo,v 1.3.8.1 2006/02/20 14:01:22 salo Exp $
 
 SHA1 (honeyd-1.0.tar.gz) = abff00cf7815b6448e5432be8b4710f39bf2119f
 RMD160 (honeyd-1.0.tar.gz) = d5c28f8987dd22d266348cf908f008423a63fc49
 Size (honeyd-1.0.tar.gz) = 600339 bytes
 SHA1 (patch-aa) = 83d823e891e2837fab85a0cda5a67dded772c97d
+SHA1 (patch-ab) = b17662d2a096ef3b209a208a8e6e0ed6e71ebdbe
+SHA1 (patch-ac) = 141b85ca569e69265d2e06520fc4cee71ca5762d
diff --git a/security/honeyd/patches/patch-ab b/security/honeyd/patches/patch-ab
new file mode 100644
index 00000000000..5bb98098366
--- /dev/null
+++ b/security/honeyd/patches/patch-ab
@@ -0,0 +1,65 @@
+$NetBSD: patch-ab,v 1.1.2.1 2006/02/20 14:01:23 salo Exp $
+
+--- ipfrag.c.orig	2004-12-31 19:13:38.000000000 +0000
++++ ipfrag.c
+@@ -81,6 +81,7 @@ fragcompare(struct fragment *a, struct f
+ 	DIFF(a->ip_src, b->ip_src);
+ 	DIFF(a->ip_dst, b->ip_dst);
+ 	DIFF(a->ip_id, b->ip_id);
++	DIFF(a->ip_proto, b->ip_proto);
+ 
+ 	return (0);
+ }
+@@ -105,13 +106,14 @@ ip_fragment_init(void)
+ }
+ 
+ struct fragment *
+-ip_fragment_find(ip_addr_t src, ip_addr_t dst, u_short id)
++ip_fragment_find(ip_addr_t src, ip_addr_t dst, u_short id, u_char proto)
+ {
+ 	struct fragment tmp, *frag;
+ 
+ 	tmp.ip_src = src;
+ 	tmp.ip_dst = dst;
+ 	tmp.ip_id = id;
++	tmp.ip_proto = proto;
+ 
+ 	frag = SPLAY_FIND(fragtree, &fragments, &tmp);
+ 
+@@ -179,7 +181,8 @@ ip_fragment_reclaim(int count)
+ }
+ 
+ struct fragment *
+-ip_fragment_new(ip_addr_t src, ip_addr_t dst, u_short id, enum fragpolicy pl)
++ip_fragment_new(ip_addr_t src, ip_addr_t dst, u_short id, u_char proto,
++    enum fragpolicy pl)
+ {
+ 	struct fragment *tmp = NULL;
+ 	struct timeval tv = { IPFRAG_TIMEOUT, 0};
+@@ -202,6 +205,7 @@ ip_fragment_new(ip_addr_t src, ip_addr_t
+ 	tmp->ip_src = src;
+ 	tmp->ip_dst = dst;
+ 	tmp->ip_id = id;
++	tmp->ip_proto = proto;
+ 	tmp->fragp = pl;
+ 
+ 	TAILQ_INIT(&tmp->fraglist);
+@@ -358,7 +362,7 @@ ip_fragment(struct template *tmpl, struc
+ 	if (fragp == FRAG_DROP)
+ 		goto drop;
+ 
+-	fragq = ip_fragment_find(ip->ip_src, ip->ip_dst, ip->ip_id);
++	fragq = ip_fragment_find(ip->ip_src, ip->ip_dst, ip->ip_id, ip->ip_p);
+ 
+ 	/* Nothing here for now */
+ 	off = ntohs(ip->ip_off);
+@@ -383,7 +387,8 @@ ip_fragment(struct template *tmpl, struc
+ 		goto freeall;
+ 
+ 	if (fragq == NULL) {
+-		fragq = ip_fragment_new(ip->ip_src, ip->ip_dst, ip->ip_id, fragp);
++		fragq = ip_fragment_new(ip->ip_src, ip->ip_dst, ip->ip_id,
++		    ip->ip_p, fragp);
+ 		if (fragq == NULL)
+ 			goto drop;
+ 	}
diff --git a/security/honeyd/patches/patch-ac b/security/honeyd/patches/patch-ac
new file mode 100644
index 00000000000..5feb2d6d70b
--- /dev/null
+++ b/security/honeyd/patches/patch-ac
@@ -0,0 +1,12 @@
+$NetBSD: patch-ac,v 1.1.2.1 2006/02/20 14:01:23 salo Exp $
+
+--- ipfrag.h.orig	2004-12-31 19:13:43.000000000 +0000
++++ ipfrag.h
+@@ -52,6 +52,7 @@ struct fragment {
+ 	ip_addr_t ip_src;	/* Network order */
+ 	ip_addr_t ip_dst;	/* Network order */
+ 	u_short ip_id;		/* Network order */
++	u_char ip_proto;
+ 
+ 	u_short maxlen;		
+ 	u_short hadlastpacket;