Bug#405342: libwrap0: hosts.deny becomes useless

Tue, 02 Jan 2007 17:24:05 -0800 

package libwrap0
tags 405342 + patch
thanks

Dnia wtorek, 2 stycznia 2007 20:24, Jamin W. Collins napisaƂ:
> ...
> $ /usr/sbin/tcpdmatch vnc 192.168.10.178
> warning: vnc: no such process name in /etc/inetd.conf
> client:   address  192.168.10.178
> server:   process  vnc
> access:   granted
> 
> Why is this granted?  It shouldn't be.

Try this:

$ /usr/sbin/tcpdmatch [EMAIL PROTECTED] 192.168.10.178
warning: vnc: no such process name in /etc/inetd.conf
warning: host address 192.168.10.177->name lookup failed
client:   address  192.168.10.178
server:   address  192.168.10.177
server:   process  vnc
matched:  /etc/hosts.deny line 21
access:   denied

Denied, as it should be. The bug exhibits only if there is no info on server 
socket.

The following patch corrects the problem for me.

diff -ruNp tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
--- tcp_wrappers_7.6.orig/hosts_access.c        2007-01-03 00:40:22.000000000 
+0100
+++ tcp_wrappers_7.6/hosts_access.c     2007-01-03 00:40:14.000000000 +0100
@@ -242,14 +242,14 @@ static int daemon_or_port_match(char *to
     unsigned int port, sin_port;
     char junk;

-    if (!request->server->sin)
-       return (NO);
-
     /* daemon name */
     if (sscanf(tok, "%u%c", &port, &junk) != 1 || port > 65535)
        return (string_match(tok, eval_daemon(request)));

     /* port number */
+    if (!request->server->sin)
+       return (NO);
+
 #ifdef INET6
     sin_port = ntohs(((struct sockaddr_in *)request->server->sin)->sin_port);
 #else

Janusz

diff -ruNp tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
--- tcp_wrappers_7.6.orig/hosts_access.c	2007-01-03 00:40:22.000000000 +0100
+++ tcp_wrappers_7.6/hosts_access.c	2007-01-03 00:40:14.000000000 +0100
@@ -242,14 +242,14 @@ static int daemon_or_port_match(char *to
     unsigned int port, sin_port;
     char junk;
 
-    if (!request->server->sin)
-	return (NO);
-
     /* daemon name */
     if (sscanf(tok, "%u%c", &port, &junk) != 1 || port > 65535)
 	return (string_match(tok, eval_daemon(request)));
 
     /* port number */
+    if (!request->server->sin)
+	return (NO);
+
 #ifdef INET6
     sin_port = ntohs(((struct sockaddr_in *)request->server->sin)->sin_port);
 #else

Reply via email to