Re: traceroute as a flooder

[des () IFI UIO NO (Dag-Erling Smorgrav)]

Kris Kennaway <kkennawa () PHYSICS ADELAIDE EDU AU> writes:
> On Sat, 13 Feb 1999, Alfonso De Gregorio wrote:
> > BTW, i've tested these bugs only on x86 boxes with the most diffused
> > GNU/Linux distro: Debian, Slackware, RedHat (all of them with 2.0.34 kernel),
> > and on an alpha with Digital Unix V4.0
> Just confirming that the first one seems to work on Digital Unix v3.2, and
> FreeBSD 4.0 as well (both using -w 2147483647). I didn't check the second one
> yet.

Fixed in FreeBSD 4.0-CURRENT, 3.1-STABLE and 2.2-STABLE as of now. The
upcoming 3.1-RELEASE (to be released later today) will not be vulnerable.

The attached patch should apply cleanly against most recent versions
of FreeBSD (2.2 and up). To update your system, try the following
(assuming you have the sources):

# cd /usr/src/contrib/traceroute
# patch traceroute.c <attached_patch
# cd ../../usr.sbin/traceroute
# make
# make install

DES
--
Dag-Erling Smorgrav - des () ifi uio no

Index: traceroute.c
===================================================================
RCS file: /home/ncvs/src/contrib/traceroute/traceroute.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- traceroute.c        1996/10/08 19:16:24     1.5
+++ traceroute.c        1999/02/15 08:24:08     1.5.2.1
@@ -732,6 +732,8 @@
        wait.tv_sec = tp->tv_sec + waittime;
        wait.tv_usec = tp->tv_usec;
        (void)gettimeofday(&now, &tz);
+       if (wait.tv_sec < now.tv_sec + 1)
+               wait.tv_sec = now.tv_sec + 1;
        tvsub(&wait, &now);

        if (select(sock + 1, &fds, (fd_set *)0, (fd_set *)0, &wait) > 0)