
[bug-inetutils] inetutils-1.4.2 - rshd bug


From: Martin J. Evans
Subject: [bug-inetutils] inetutils-1.4.2 - rshd bug
Date: Fri, 25 Jun 2004 11:43:24 +0100 (BST)

Hi,

The following snippet of code from rshd.c is wrong because it
keeps using a pointer returned from gethostbyname() after ANOTHER
gethostbyname is called in localhost. i.e. localhost() calls gethostbyname
but hp in this code is expecting to be pointing to the result of a previous
gethostbyname. The result is you get denied access and syslog says:

Jun 25 10:51:56 brock rshd[10197]: Host addr 192.168.0.64 not listed for host
brock.easysoft.local

The syslog shows brock.easysoft.local (the server machine), and it should
have been brimer.easysoft.local (the client).

The fix is:

address@hidden rshd]$ diff -u rshd.c rshd.c.new 
--- rshd.c      Wed Dec 11 12:38:00 2002
+++ rshd.c.new  Fri Jun 25 11:39:24 2004
@@ -463,12 +463,12 @@
 #endif
        if (check_all || local_domain (hp->h_name))
          {
-           char *remotehost = (char *) alloca (strlen (hp->h_name) + 1);
+           char *remotehost = (char *) alloca (strlen (hostname) + 1);
            if (! remotehost)
              errorstr = "Out of memory\n";
            else
              {
-               strcpy (remotehost, hp->h_name);
+               strcpy (remotehost, hostname);
                errorhost = remotehost;
                hp = gethostbyname (remotehost);
                if (hp == NULL)
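
Review bot: On the two `+` lines, `hostname` is the result of `strdup (hp->h_name)` a few lines above the hunk (visible in the extract that follows), and that result is never tested for NULL, so `strlen (hostname)` would dereference a null pointer if the allocation failed; test the strdup result before entering this block. The `if (! remotehost)` context line does not cover that case, because alloca does not signal failure by returning NULL, so that branch is dead and could be dropped in the same change.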

extract from rshd.c:

  /* Get the "name" of the client from its Internet address.
   * This is used for the authentication below.
   */
  errorstr = NULL;
  hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr),
                     fromp->sin_family);
  if (hp)
    {
      /*
       * If name returned by gethostbyaddr is in our domain,
       * attempt to verify that we haven't been fooled by someone
       * in a remote net; look up the name and check that this
       * address corresponds to the name.
       */
      hostname = strdup (hp->h_name);
#ifdef  KERBEROS
      if (!use_kerberos)
#endif
        if (check_all || local_domain (hp->h_name))
          {
            char *remotehost = (char *) alloca (strlen (hp->h_name) + 1);
            if (! remotehost)
              errorstr = "Out of memory\n";
            else
              {
                strcpy (remotehost, hp->h_name);
                errorhost = remotehost;
                hp = gethostbyname (remotehost);
                if (hp == NULL)
                  {
                    syslog (LOG_INFO,
                            "Couldn't look up address for %s", remotehost);
                    errorstr = "Couldn't look up address for your host (%s)\n";
                    hostname = inet_ntoa (fromp->sin_addr);
                  }
                else
                  for (; ; hp->h_addr_list++)
                    {
                      if (hp->h_addr_list[0] == NULL)
                        {
                          syslog (LOG_NOTICE,
                                  "Host addr %s not listed for host %s",
                                  inet_ntoa (fromp->sin_addr), hp->h_name);
                          errorstr = "Host address mismatch for %s\n";
                          hostname = inet_ntoa (fromp->sin_addr);
                          break;
                        }
                      if (!memcmp (hp->h_addr_list[0],
                                   (caddr_t)&fromp->sin_addr,
                                   sizeof fromp->sin_addr))
                        {
                          hostname = hp->h_name;
                          break; /* equal, OK */
                        }
                    }
              }
          }
    }
  else
    errorhost = hostname = inet_ntoa (fromp->sin_addr);

Martin
--
Martin J. Evans
Easysoft Ltd, UK
Development
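
The failure described in this report, reproduced offline as an added example (not code from rshd.c or from the poster): a stub resolver with one static result record stands in for gethostbyaddr()/gethostbyname(). The names `stub_lookup`, `stub_local_domain` and `verify`, and the server address 192.168.0.1, are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
struct rec { char name[64]; char addr[16]; };
/* Constructed table: names and client address from the report, server address made up. */
static const struct rec table[] = {
  { "brock.easysoft.local",  "192.168.0.1"  },   /* server */
  { "brimer.easysoft.local", "192.168.0.64" },   /* client */
};
static struct rec result;  /* one static record, overwritten by every lookup */

/* Stub lookup by name (by_addr == 0) or by address (by_addr == 1). */
static struct rec *stub_lookup (const char *key, int by_addr)
{
  for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
    if (strcmp (by_addr ? table[i].addr : table[i].name, key) == 0)
      { result = table[i]; return &result; }
  return NULL;
}

/* Stand-in for a helper that looks up the server's own name internally. */
static int stub_local_domain (const char *name)
{
  struct rec *self = stub_lookup ("brock.easysoft.local", 0);  /* clobbers result */
  const char *d1 = strchr (name, '.'), *d2 = strchr (self->name, '.');
  return d1 && d2 && strcmp (d1, d2) == 0;
}

/* Reverse-then-forward check; CHECKED receives the name that was verified. */
static int verify (const char *addr, int copy_first, char *checked, size_t n)
{
  char saved[64];
  struct rec *hp = stub_lookup (addr, 1);
  checked[0] = '\0';
  if (!hp) return 0;
  snprintf (saved, sizeof saved, "%s", hp->name);   /* private copy of the name */
  if (!stub_local_domain (hp->name)) return 1;      /* outside our domain: not checked */
  snprintf (checked, n, "%s", copy_first ? saved : hp->name);  /* hp->name is stale here */
  hp = stub_lookup (checked, 0);
  return hp && strcmp (hp->addr, addr) == 0;
}

int main (void)
{
  char who[64];
  int ok = verify ("192.168.0.64", 0, who, sizeof who);
  printf ("stale pointer: ok=%d checked=%s\n", ok, who);
  ok = verify ("192.168.0.64", 1, who, sizeof who);
  printf ("copied name:   ok=%d checked=%s\n", ok, who);
  return 0;
}
```

With `copy_first` set to 0 the forward lookup is done on the server's name, which is the mismatch the syslog line in the report shows.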




