% From: Chris Cappuccio [chris@DQC.ORG] ( Sent: Wednesday, August 18, 1999 1:45 PM To: BUGTRAQ@SECURITYFOCUS.COM  Subject: BASS diffs   G I made some diffs to get BASS to compile on OpenBSD and Solaris as well " as Linux..They are very minimal...  & diff -uN bass-1.0.7/BASS.c bass/BASS.c. --- bass-1.0.7/BASS.c	Sun Aug  8 12:43:51 1999( +++ bass/BASS.c	Mon Aug 16 15:15:13 1999 @@ -24,6 +24,7 @@   #include <errno.h>   #include <signal.h>  #include <sys/param.h>  +#include <sys/termios.h>     #include "list.h"  #include "readconf.h" @@ -487,11 +488,11 @@ ,        log("%s - [%s] OUT OF MEMORY?!?!?!.","  	  cgi_hooks[i].cgi_alias, host);
        break;  -    case EBADRQC	:  +    case EINVAL: *        log("%s - [%s] cgi not installed.","  	  cgi_hooks[i].cgi_alias, host);
        break;  -    case -1	:
 +    case -1: ,        log("%s - [%s] unknown cgi failure.","  	  cgi_hooks[i].cgi_alias, host);
        break;  @@ -526,12 +527,12 @@ $  	  scan_hooks[i].scan_alias, host);
        break;    -    case EBADRQC      : +    case EINVAL      : 2        log("%s - [%s] Host denied Iquery request",$  	  scan_hooks[i].scan_alias, host);
        break;    -    case EPROTO	    : +    case ENOPROTOOPT	    : ,        log("%s - [%s] server type mismatch",$  	  scan_hooks[i].scan_alias, host);
        break; * diff -uN bass-1.0.7/Makefile bass/Makefile0 --- bass-1.0.7/Makefile	Sun Aug  8 12:43:51 1999* +++ bass/Makefile	Mon Aug 16 15:29:06 1999 @@ -14,14 +14,15 @@ 7  BASS_DEFS = -DBASS_DEFAULT_DISTDIR=\"$(BASS_DISTDIR)\"   ?  # On Solaris you'll need to add *at least* these linker flags: I -# -lnsl -lsocket -lresolv -lrpc (is that how the rpc library is called?)  +# -lnsl -lsocket -lresolv  #$  # On Irix you'll need to... Hmmm...  #O  # Forget it! I'm not going to fight Unix. Here's a nickel kid, go buy yourself   # a Linux distribution.   -BASS_LIBS = +BASS_LIBS= $ +#BASS_LIBS =-lnsl -lsocket -lresolv  BASS_INCLUDES =  C  BASS_OBJS = BASS.o job.o log.o list.o xmalloc.o network.o icmp.o \  @@ -29,12 +30,12 @@   	cgi.o uname.o \ -  	bind.o imapd.o qpopper.o innd.o wingate.o \   	nfsmount_xdr.o rpc.o \ -	$(BASS_LIBS) +#	strsep.o     all: BASS	     BASS: $(BASS_OBJS)  -	$(CC) -o BASS $(BASS_OBJS)) +	$(CC) -o BASS $(BASS_OBJS) $(BASS_LIBS)     $(LIBPCLOAK_OBJ):-  	cd $(LIBPCLOAK_DIR); $(MAKE) $(LIBPCLOAK).a 6 diff -uN bass-1.0.7/README.SOLARIS bass/README.SOLARIS6 --- bass-1.0.7/README.SOLARIS	Wed Dec 31 16:00:00 19690 +++ bass/README.SOLARIS	Mon Aug 16 15:28:06 1999 @@ -0,0 +1,2 @@ 5 +Edit the makefile, *uncomment* the line for strsep.o A +and *uncomment* the BASS_LIBS that calls -lnsl -lsocket -lresolv & diff -uN bass-1.0.7/bind.c bass/bind.c. --- bass-1.0.7/bind.c	Sun Aug  8 12:43:51 1999( +++ bass/bind.c	Sun Aug 15 08:12:37 1999 @@ -69,7 +69,7 @@    dnsv = (HEADER *) vquery;      if(dnsi->rcode) {  -  errno = EBADRQC;  +  errno = EINVAL;
    return -1; 
   } else {      if(dnsv->rcode) {$ diff -uN bass-1.0.7/cgi.c bass/cgi.c- --- bass-1.0.7/cgi.c	Sun Aug  8 12:43:51 1999 ' +++ bass/cgi.c	Sun Aug 15 08:12:37 1999  @@ -78,7 +78,7 @@    /* Cgi not installed */ .   if(!strstr(*response, CGI_HTTP_HEADER_10) &&.      !strstr(*response, CGI_HTTP_HEADER_11)) { -  errno = EBADRQC;  +  errno = EINVAL;
    return -1;    }   & diff -uN bass-1.0.7/icmp.h bass/icmp.h. --- bass-1.0.7/icmp.h	Sun Aug  8 12:43:51 1999( +++ bass/icmp.h	Mon Aug 16 15:17:15 1999 @@ -13,8 +13,26 @@    */    -#include <netinet/ip_icmp.h>  +#include <netinet/in_systm.h>  #include <netinet/ip.h> +#include <netinet/ip_icmp.h>  +  +#if !defined(__linux__)
 +struct iphdr  +{  +#if BYTE_ORDER == LITTLE_ENDIAN' +  unsigned char ihl:4, version:4, tos;  +#elif BYTE_ORDER == BIG_ENDIAN ' +  unsigned char version:4, ihl:4, tos;  +#else! +#error "What is the BYTE_ORDER?"  +#endif ( +  unsigned short tot_len, id, frag_off; +  unsigned char ttl, protocol;  +  unsigned short check; +  unsigned int saddr, daddr;  +};  +#endif     #define LOCAL_ICMP   #ifndef LOCAL_ICMP ( diff -uN bass-1.0.7/imapd.c bass/imapd.c/ --- bass-1.0.7/imapd.c	Sun Aug  8 12:43:51 1999 ) +++ bass/imapd.c	Sun Aug 15 08:12:37 1999  @@ -56,7 +56,7 @@ 5      !(imap_flavour = strsep(&sepregister, delim)) || @        strncasecmp(imap_flavour, S_IMAP, strlen(S_IMAP)) != 0 ||.      !(version = strsep(&sepregister, delim))). - { close(tcpfd); errno = EPROTO; return -1; }3 + { close(tcpfd); errno = ENOPROTOOPT; return -1; }   (   if(!strcmp(imap_flavour, S_IMAP_2BIS))   {  @@ -72,7 +72,7 @@    else   {      close(tcpfd);  -   errno = EPROTO;  +   errno = ENOPROTOOPT;     return -1;   }   	, diff -uN bass-1.0.7/qpopper.c bass/qpopper.c1 --- bass-1.0.7/qpopper.c	Sun Aug  8 12:43:51 1999 + +++ bass/qpopper.c	Sun Aug 15 08:12:37 1999  @@ -44,7 +44,7 @@   D   if( !strstr(serverid, "QPOP") && !strstr(serverid, "QUALCOMM") ) {    close(tcpfd); -  errno = EPROTO; return -1; " +  errno = ENOPROTOOPT; return -1;
   } else {0      if((version = strstr(serverid, S_VERSION)))      {$ diff -uN bass-1.0.7/rpc.c bass/rpc.c- --- bass-1.0.7/rpc.c	Sun Aug  8 12:43:51 1999 ' +++ bass/rpc.c	Mon Aug 16 21:56:42 1999  @@ -148,9 +148,9 @@ B   tt_client = tclnttcp_create(&raddr, TOOLTALK_RPC, TOOLTALK_VERS,'  		             &rpcsock, 0, 0, timer);    if(!tt_client) {H -  /*-- Traditionally ECOMM has nothing to do with our situation. But weR +  /*-- Traditionally EPROTONOSUPPORT has nothing to do with our situation. But weD         endow it a NEW meaning: Any RPC communications failure. --*/( -  if(errno != ETIMEDOUT) errno = ECOMM;2 +  if(errno != ETIMEDOUT) errno = EPROTONOSUPPORT;
    return -1;    }    @@ -200,7 +200,7 @@ E   if(!(mount_client = clntudp_create(&raddr, MOUNTD_RPC, MOUNTD_VERS, 3  	                       retry_timeout, &rpcsock)))    {  -  errno = ECOMM;  +  errno = EPROTONOSUPPORT; 
    return -1;    }    @@ -230,7 +230,7 @@ ,      log("%s - [%s] RPC request timed out.",5                rpc_hooks[hook_slot].rpc_alias, host);       break;  -   case ECOMM		:  +   case EPROTONOSUPPORT		: 6      log("%s - [%s] RPC service communication error.",.  	      rpc_hooks[hook_slot].rpc_alias, host);      break; * diff -uN bass-1.0.7/strsep.c bass/strsep.c0 --- bass-1.0.7/strsep.c	Wed Dec 31 16:00:00 1969* +++ bass/strsep.c	Mon Aug 16 15:22:28 1999 @@ -0,0 +1,85 @@A +/*	$OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $	*/  +  +/*- + * Copyright (c) 1990, 1993F + *	The Regents of the University of California.  All rights reserved. + * F + * Redistribution and use in source and binary forms, with or withoutF + * modification, are permitted provided that the following conditions + * are met:E + * 1. Redistributions of source code must retain the above copyright D + *    notice, this list of conditions and the following disclaimer.H + * 2. Redistributions in binary form must reproduce the above copyrightJ + *    notice, this list of conditions and the following disclaimer in theK + *    documentation and/or other materials provided with the distribution. L + * 3. All advertising materials mentioning features or use of this software2 + *    must display the following acknowledgement:A + *	This product includes software developed by the University of . + *	California, Berkeley and its contributors.K + * 4. Neither the name of the University nor the names of its contributors L + *    may be used to endorse or promote products derived from this software1 + *    without specific prior written permission.  + * K + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND I + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE N + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSEL + * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLEN + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIALK + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS I + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) N + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICTM + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY J + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +  +#include <string.h> +#include <stdio.h>  + ) +#if defined(LIBC_SCCS) && !defined(lint)  +#if 0= +static char sccsid[] = "@(#)strsep.c	8.1 (Berkeley) 6/4/93";  +#elseS +static char *rcsid = "$OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $";  +#endif $ +#endif /* LIBC_SCCS and not lint */ +  +/* H + * Get next token from string *stringp, where tokens are possibly-empty/ + * strings separated by characters from delim.  + * : + * Writes NULs into the string at *stringp to end tokens.5 + * delim need not remain constant from call to call. H + * On return, *stringp points past the last NUL written (if there mightL + * be further tokens), or is NULL (if there are definitely no more tokens). + * - + * If *stringp is NULL, strsep returns NULL.  + */ +char *  +strsep(stringp, delim)  +	register char **stringp; +	register const char *delim;  +{ +	register char *s;  +	register const char *spanp;  +	register int c, sc;  +	char *tok; +  +	if ((s = *stringp) == NULL)  +		return (NULL);  +	for (tok = s;;) {  +		c = *s++; +		spanp = delim;  +		do {  +			if ((sc = *spanp++) == c) {  +				if (c == 0) +					s = NULL; 	 +				else  +					s[-1] = 0; +				*stringp = s; +				return (tok); +			}  +		} while (sc != 0);  +	}  +	/* NOTREACHED */ +}, diff -uN bass-1.0.7/wingate.c bass/wingate.c1 --- bass-1.0.7/wingate.c	Sun Aug  8 12:43:51 1999 + +++ bass/wingate.c	Sun Aug 15 08:12:38 1999  @@ -41,7 +41,7 @@     if(!setjmp(jmpbuf))    {L     if((n = read(sockfd, response + bytes, MAX_RESPONSE_SIZE - bytes)) <= 0)" -   { errno = EPROTO; goto fail; }' +   { errno = ENOPROTOOPT; goto fail; } 
     alarm(0);        for(i = 0; i<n; i++)     --J Corporations are not evil. That kind of anthropomorphism is inappropriate.F Corporations are too stupid to be evil, only people can be that.  -jwz