Package: libwrap0 Version: 7.6.q-19 Severity: normal
Libwrap0 fails when there is a long line in /etc/hosts.deny, even if that line is a comment. The failure symptom is a busy loop. This causes e.g. sshd and tcpd to get stuck in a busy loop. An example of a bad configuration file is attached. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages libwrap0 depends on: ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib Versions of packages libwrap0 recommends: ii tcpd 7.6.q-19 Wietse Venema's TCP wrapper utilit libwrap0 suggests no packages. -- no debconf information
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system. # See the manual pages hosts_access(5), hosts_options(5) # and /usr/doc/netbase/portmapper.txt.gz # # Example: ALL: some.host.name, .some.domain # ALL EXCEPT in.fingerd: other.host.name, .other.domain # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper. See portmap(8) # and /usr/doc/portmap/portmapper.txt.gz for further information. # # The PARANOID wildcard matches any host whose name does not match its # address. You may wish to enable this to ensure any programs that don't # validate looked up hostnames still leave understandable logs. In past # versions of Debian this has been the default. # ALL: PARANOID #sshd: 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127. 0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127 .0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2, 127.0.0.2

