
[bug-inetutils] [PATCH] host validation error in rshd


From: Chris Rankin
Subject: [bug-inetutils] [PATCH] host validation error in rshd
Date: Fri, 28 Feb 2003 23:44:36 +0000 (GMT)

Hi,

I guess the fact that this has lain undiscovered for so long means
that people aren't using rcp / rsh much any more, which can't be a bad
thing. Anyway, there's an issue with the use of the gethostbyaddr()
function. Its results are stored inside a static buffer within libc,
and rshd doesn't grab what it needs before they are clobbered by the
next call. This means that remote host authentication fails when you
rcp between *different* hosts.

Cheers,
Chris

--- inetutils-1.4.2/rshd/rshd.c.orig    Wed Dec 11 12:38:00 2002
+++ inetutils-1.4.2/rshd/rshd.c Fri Feb 28 23:08:39 2003
@@ -443,7 +443,7 @@
       dup2 (sockfd, STDERR_FILENO);
     }
 
-  /* Get the "name" of the clent form its Internet address.
+  /* Get the "name" of the client form its Internet address.
    * This is used for the autentication below
    */
   errorstr = NULL;
@@ -457,52 +457,49 @@
        * in a remote net; look up the name and check that this
        * address corresponds to the name.
        */
-      hostname = strdup (hp->h_name);
+      const char *remotehost = strdup(hp->h_name);
 #ifdef KERBEROS
       if (!use_kerberos)
 #endif
-       if (check_all || local_domain (hp->h_name))
+       if (! remotehost)
+           errorstr = "Out of memory\n";
+       else if (check_all || local_domain (remotehost))
          {
-           char *remotehost = (char *) alloca (strlen (hp->h_name) + 1);
-           if (! remotehost)
-             errorstr = "Out of memory\n";
-           else
+           errorhost = remotehost;
+           hp = gethostbyname (remotehost);
+           if (hp == NULL)
              {
-               strcpy (remotehost, hp->h_name);
-               errorhost = remotehost;
-               hp = gethostbyname (remotehost);
-               if (hp == NULL)
+               syslog (LOG_INFO,
+                       "Couldn't look up address for %s", remotehost);
+                       errorstr = "Couldn't look up address for your host 
(%s)\n";
+                       hostname = strdup(inet_ntoa(fromp->sin_addr));
+             }
+           else
+              {
+               for (; ; hp->h_addr_list++)
                  {
-                   syslog (LOG_INFO,
-                           "Couldn't look up address for %s", remotehost);
-                   errorstr = "Couldn't look up address for your host (%s)\n";
-                   hostname = inet_ntoa (fromp->sin_addr);
+                   if (hp->h_addr_list[0] == NULL)
+                     {
+                       syslog (LOG_NOTICE,
+                               "Host addr %s not listed for host %s",
+                               inet_ntoa (fromp->sin_addr), hp->h_name);
+                       errorstr = "Host address mismatch for %s\n";
+                       hostname = strdup(inet_ntoa(fromp->sin_addr));
+                       break;
+                     }
+                   if (!memcmp (hp->h_addr_list[0],
+                               (caddr_t)&fromp->sin_addr,
+                               sizeof fromp->sin_addr))
+                     {
+                       hostname = strdup(hp->h_name);
+                       break; /* equal, OK */
+                     }
                  }
-               else
-                 for (; ; hp->h_addr_list++)
-                   {
-                     if (hp->h_addr_list[0] == NULL)
-                       {
-                         syslog (LOG_NOTICE,
-                                 "Host addr %s not listed for host %s",
-                                 inet_ntoa (fromp->sin_addr), hp->h_name);
-                         errorstr = "Host address mismatch for %s\n";
-                         hostname = inet_ntoa (fromp->sin_addr);
-                         break;
-                       }
-                     if (!memcmp (hp->h_addr_list[0],
-                                  (caddr_t)&fromp->sin_addr,
-                                  sizeof fromp->sin_addr))
-                       {
-                         hostname = hp->h_name;
-                         break; /* equal, OK */
-                       }
-                   }
-             }
+              }
          }
     }
   else
-    errorhost = hostname = inet_ntoa (fromp->sin_addr);
+    errorhost = hostname = strdup(inet_ntoa(fromp->sin_addr));
 
 #ifdef KERBEROS
   if (use_kerberos)
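Review bot: With the unconditional `hostname = strdup (hp->h_name);` removed, `hostname` is no longer assigned on the path where the forward lookup is skipped (`check_all` unset and `local_domain (remotehost)` false, or `use_kerberos` set in a KERBEROS build), so the code after this hunk presumably authenticates against a stale or unset pointer. Assigning `hostname = remotehost;` immediately after the `strdup` restores the old default, and the later branches still overwrite it; the `const` would need dropping or a cast if `hostname` is a plain `char *`, since its declaration is outside the hunk. The new `strdup (inet_ntoa (fromp->sin_addr))` and `strdup (hp->h_name)` results stored in `hostname` are also unchecked, unlike the `remotehost` copy; a NULL there should take the same `errorstr = "Out of memory\n";` path. The enclosing function starts and ends outside the hunk.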



