Subject: Re: NetBSD Security Advisory 2007-004: Insufficient length checking in iso(4)
To: Anne Bennett <>
From: Greg Troxel <>
List: tech-security
Date: 07/28/2007 15:16:31
The release tag won't be moved.  You probably want to update to
netbsd-3-1 which is the tag for the stable branch along which 3.1 was
cut.  I just follow netbsd-3, which has more pullups, but I've never had
trouble from following a post-release stable branch.

'cvs log' on such a file is helpful.  excerpts

RCS file: /cvsroot/src/sys/netiso/clnp_subr.c,v
Working file: clnp_subr.c
head: 1.29
locks: strict
access list:
symbolic names:
	netbsd-3-1-RELEASE: 1.17
	netbsd-3-0-1-RELEASE: 1.17
	netbsd-3-0-RELEASE: 1.17
	netbsd-3-0-RC6: 1.17
	netbsd-3-base: 1.17
	netbsd-4-base: 1.21

As you can see it's mostly 1.17.

date: 2007/03/29 08:53:31;  author: ghen;  state: Exp;  lines: +35 -23
Pull up following revision(s) (requested by adrianp in ticket #1733):
	sys/netiso/clnp_subr.c: revision 1.27 via patch
A number of functions do not validate the length of arguments passed.
As a result of this a user could supply a bad 'sockaddr' structure to
clnp_route() via connect(2).
Issue found by Christer Oberg and patch from christos&#64; (NetBSD-SA2007-004)