I have "allow_missing_dns" and "allow_missing_reverse" set to "yes"
already. I also have "block all-users" set.

After digging through the source code a bit, I tracked it down to the
function "match_ipv4_list" in "pam_shield_lib.c" and the for loop that
loops over the octets in the IP and mask. GCC seems to do some somewhat
dodgy optimization of that loop; if you comment out the "break"
statement on line 124, you will get the following warning...

pam_shield_lib.c:126:23: warning: iteration 1u invokes undefined behavior 
[-Waggressive-loop-optimizations]
       if (( ip->ip.any[i] & ip->mask.any[i]) != (saddr[i] & ip->mask.any[i])) {
                       ^
pam_shield_lib.c:125:5: note: containing loop
     for(i = 0; i < sizeof(ip->ip.in.s_addr); i++) {
     ^

I found two ways to make the loop behave. Either you declare i volatile
or turn off optimization on that section of the code.

And don't forget about "match_ipv6_list", you probably have the same
problem there too.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1455061

Title:
  White-listing IP-numbers or networks doesn't work
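
An added example, not pam_shield's code and not from the bug report: a masked address comparison that never indexes through a short array member, so the optimizer has no out-of-bounds iteration to reason about. The union layout (a one-element "any" array, suggested by the "iteration 1u" warning) and the names addr_u, ip_entry, masked_equal, match_ipv4, match_ipv6 and check are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: a one-element "any" array overlaying the address, which
   makes any[1] out of bounds as far as the compiler is concerned. */
typedef union {
    struct in_addr  in;
    struct in6_addr in6;
    unsigned char   any[1];
} addr_u;
typedef struct { addr_u ip, mask; } ip_entry;

/* Compare len address bytes under the mask through unsigned char pointers
   to the real address objects, not through the one-element array type. */
static int masked_equal(const void *net, const void *mask, const void *addr, size_t len)
{
    const unsigned char *n = net, *m = mask, *a = addr;
    for (size_t i = 0; i < len; i++)
        if ((n[i] & m[i]) != (a[i] & m[i]))
            return 0;
    return 1;
}

int match_ipv4(const ip_entry *e, const struct in_addr *saddr)
{
    return masked_equal(&e->ip.in, &e->mask.in, saddr, sizeof e->ip.in.s_addr);
}

int match_ipv6(const ip_entry *e, const struct in6_addr *saddr)
{
    return masked_equal(&e->ip.in6, &e->mask.in6, saddr, sizeof e->ip.in6.s6_addr);
}

/* Constructed driver: 1 if addr is inside net/mask, 0 if not, -1 on parse error. */
int check(int af, const char *net, const char *mask, const char *addr)
{
    ip_entry e;
    addr_u a;
    memset(&e, 0, sizeof e);
    if (inet_pton(af, net, &e.ip) != 1 || inet_pton(af, mask, &e.mask) != 1 ||
        inet_pton(af, addr, &a) != 1)
        return -1;
    return af == AF_INET ? match_ipv4(&e, &a.in) : match_ipv6(&e, &a.in6);
}

int main(void)
{
    printf("%d\n", check(AF_INET, "192.168.0.0", "255.255.0.0", "192.168.5.9"));
    return 0;
}
```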
