bin/49580: ipftest command should use MD5 functions of the system, instead of internals in ipf.

[oshima-ya%yagoto-urayama.jp@localhost]

>Number:         49580
>Category:       bin
>Synopsis:       ipftest command should use MD5 functions of the system, instead of internals in ipf.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 17 05:35:00 +0000 2015
>Originator:     Yasushi Oshima
>Release:        NetBSD 7.0_BETA
>Organization:
>Environment:
NetBSD usl5p1 7.0_BETA NetBSD 7.0_BETA (GENERIC) #0: Fri Jan 15 00:08:45 JST 2015  oshima@sweety:/export/netbsd-7/obj/landisk/sys/arch/landisk/compile/GENERIC landisk
>Description:
A ipftest of netbsd-7 and -current use MD5 functions of ipf-distribution, but NetBSD has them in system libc.

Makefile of ipftest directs to compile and link ipf-distribution's md5.c, but ip_dstlist.c called from ipftest includes sys/md5.h.
MD5_CTX structure of ipf's md5.h is different from sys/md5.h.
This will cause an unexpected result (for example buffer-overflow, destruct stack, SIGSEGV, ...).

>How-To-Repeat:

# ipftest -RD -b -P /usr/tests/ipf/regress/p10.pool -N /usr/tests/ipf/regress/p10.nat -i /usr/tests/ipf/input/p10

Segmentation fault (core dumped)

>Fix:
--- external/bsd/ipf/bin/ipftest/Makefile       24 Mar 2012 00:32:50 -0000      1.2
+++ external/bsd/ipf/bin/ipftest/Makefile       17 Jan 2015 05:13:43 -0000
@@ -7,7 +7,7 @@
                ip_proxy.c ip_auth.c ip_htable.c ip_lookup.c \
                ip_dstlist.c ip_pool.c ip_sync.c \
                ip_fil.c ip_log.c ippool_y.c ippool_l.c ipf_y.c \
-               ipf_l.c ipnat_y.c ipnat_l.c md5.c radix_ipf.c bpf_filter.c
+               ipf_l.c ipnat_y.c ipnat_l.c radix_ipf.c bpf_filter.c
 MAN=           ipftest.1

 CPPFLAGS+=     -DIPFILTER_LOG -DIPFILTER_LOOKUP \