[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-inetutils] inetutils-1.4.2 - rshd bug
From: |
Martin J. Evans |
Subject: |
[bug-inetutils] inetutils-1.4.2 - rshd bug |
Date: |
Fri, 25 Jun 2004 11:43:24 +0100 (BST) |
Hi,
Ths following snippet of code from rshd.c is wrong because it
keeps using a pointer returned from gethostbyname() after ANOTHER
gethostbyname is called in localhost. i.e. localhost() calls gethostbyname
but hp in this code is expecting to be pointing to the result of a previous
gethostbyname. The result is you get denied access and syslog says:
Jun 25 10:51:56 brock rshd[10197]: Host addr 192.168.0.64 not listed for host
brock.easysoft.local
In the syslog brock.easysoft.local (was the server machine) and it should
have been brimer.easysoft.local (the client).
The fix is:
address@hidden rshd]$ diff -u rshd.c rshd.c.new
--- rshd.c Wed Dec 11 12:38:00 2002
+++ rshd.c.new Fri Jun 25 11:39:24 2004
@@ -463,12 +463,12 @@
#endif
if (check_all || local_domain (hp->h_name))
{
- char *remotehost = (char *) alloca (strlen (hp->h_name) + 1);
+ char *remotehost = (char *) alloca (strlen (hostname) + 1);
if (! remotehost)
errorstr = "Out of memory\n";
else
{
- strcpy (remotehost, hp->h_name);
+ strcpy (remotehost, hostname);
errorhost = remotehost;
hp = gethostbyname (remotehost);
if (hp == NULL)
extract from rshd.c:
/* Get the "name" of the clent form its Internet address.
* This is used for the autentication below
*/
errorstr = NULL;
hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
fromp->sin_family);
if (hp)
{
/*
* If name returned by gethostbyaddr is in our domain,
* attempt to verify that we haven't been fooled by someone
* in a remote net; look up the name and check that this
* address corresponds to the name.
*/
hostname = strdup (hp->h_name);
#ifdef KERBEROS
if (!use_kerberos)
#endif
if (check_all || local_domain (hp->h_name))
{
char *remotehost = (char *) alloca (strlen (hp->h_name) + 1);
if (! remotehost)
errorstr = "Out of memory\n";
else
{
strcpy (remotehost, hp->h_name);
errorhost = remotehost;
hp = gethostbyname (remotehost);
if (hp == NULL)
{
syslog (LOG_INFO,
"Couldn't look up address for %s", remotehost);
errorstr = "Couldn't look up address for your host (%s)\n";
hostname = inet_ntoa (fromp->sin_addr);
}
else
for (; ; hp->h_addr_list++)
{
if (hp->h_addr_list[0] == NULL)
{
syslog (LOG_NOTICE,
"Host addr %s not listed for host %s",
inet_ntoa (fromp->sin_addr), hp->h_name);
errorstr = "Host address mismatch for %s\n";
hostname = inet_ntoa (fromp->sin_addr);
break;
}
if (!memcmp (hp->h_addr_list[0],
(caddr_t)&fromp->sin_addr,
sizeof fromp->sin_addr))
{
hostname = hp->h_name;
break; /* equal, OK */
}
}
}
}
}
else
errorhost = hostname = inet_ntoa (fromp->sin_addr);
Martin
--
Martin J. Evans
Easysoft Ltd, UK
Development
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug-inetutils] inetutils-1.4.2 - rshd bug,
Martin J. Evans <=