pptpd freeze/disconnect

For versions not under development (and that includes Feisty now as it's so close), Ubuntu does not do complete version upgrades. Please give us details of the bug (including links to an upstream bug tracker, if any) and most particularly patches for the problem.

The bug is quite grave (wrong pointer and wrong reordering code logic).
Description and the patch are here:
http://sourceforge.net/mailarchive/forum.php?thread_name=20070414033808.GA5212%40linuxace.com&forum_name=poptop-server

Unfortunately, when I go there I cannot view the patch. I get an error. Would you please attach the upstream patch to this bug and I'll see what I can do.

Thank you.

From the upstream announcement of the patch:

The attached fixes two packet reordering bugs:

 1) The check for out-of-order sequence numbers only validates that the
 sequence received is > the previous sequence received. But this is
 invalid if for instance packet 20 is received after packet 10. It
 should instead verify packet received == previous packet + 1.

 2) The packet dequeue function was using the wrong pointer, which led
 to corruption of all packets placed on the queue when they were
 dequeued.

The attached patch is the code change for upstream version 1.34. Upstream felt this an important enough issue to make a release just for this patch.

Here is the diff in their CVS:

http://poptop.cvs.sourceforge.net/poptop/poptop/pptpgre.c?r1=1.8&r2=1.9&pathrev=HEAD

Here is the patch submission:

http://sourceforge.net/mailarchive/forum.php?thread_name=20070414033808.GA5212%40linuxace.com&forum_name=poptop-server

Patch for Edgy, not quite sure if I got the versioning right or not.

Patch for Dapper. Only only the first issue above applies to Dapper. The code for the second is not present in the Dapper version.

Scott, the actual code patch looks fine, there are just some packaging issues:

 * Do not change maintainer fields for dapper and edgy, their package tools have not been tested for this.
 * Please use 1.2.3-1ubuntu0.1 for dapper-proposed and 1.3.0-1ubuntu1.1 for edgy-proposed.
 * Changelog: Please include the upstream webcvs URL and a short explanation of the impact for users.

When you attach updated debdiffs, please set this to 'in progress'.
Thank you!

This bug was not completely fixed but there is need also this patch[1].

Further testing has revealed a couple more problems
with the packet reordering/buffering code.

1) Some clients (notably the PPTP client) start their sequence
   numbers at 1 instead of 0 as the RFC mandates. My previous
   fix caused problems with these clients.

2) Duplicate packets were causing corruption when they were
   placed on the queue but never used -or- when they were
   placed on the queue but already existed on the queue (i.e.
   they previously arrived out of order).

It was already applied to cvs[2].

[1]http://marc.info/?l=poptop-server&m=117737453400588&w=2
[2]http://marc.info/?l=poptop-server&m=117738442417475&w=2

Stefab,

Thank you. Since I have to redo the SRU anyway, I can include those. Before I invest the time in it, please let me know when you feel like you've got the complete patch set.

Also, would you please provide the changelog information that Martin Pitt requested above (Changelog: Please include the upstream webcvs URL and a short explanation of the impact for users)?

Once I have that, I'll reassemble the packages.

This problem looks like it is exploitable by a 3rd party. As a result, I'll shove it through the security update process instead of going the SRU route.

The web cvs is here http://poptop.cvs.sourceforge.net/poptop/poptop/
I cannot assure that the reordering code is 100% right now. But major issues seems solved as wrong pointer and logic errors in the code. I think that generally the quality of reordering code is not deeply revsioned. If any Canonical developer would investigate on the upstream reordering code i think we could be more sure of the quality of the code.

Thanks Kees, unsub'ing ubuntu-sru then.

This was released with USN-459-1.