diff options
author | beech <beech@FreeBSD.org> | 2008-01-17 03:53:19 +0000 |
---|---|---|
committer | beech <beech@FreeBSD.org> | 2008-01-17 03:53:19 +0000 |
commit | f3df145676f681cbc6717efb35531134202b0e9c (patch) | |
tree | 6c1af5fec2fd2c1d6dc2e57aec4571ab1d9ec4b7 /ftp/proftpd | |
parent | 935c71751a077d4e0e0bb75096e0fc39007632e5 (diff) | |
download | FreeBSD-ports-f3df145676f681cbc6717efb35531134202b0e9c.zip FreeBSD-ports-f3df145676f681cbc6717efb35531134202b0e9c.tar.gz |
- Fix IPv4-mapped IPv6 connections not matched properly against IP
glob ACLs.
- Bump portrevision.
Submitted by: TJ Saunders <tj@castaglia.org> (vendor)
Approved by: linimon (mentor)
Diffstat (limited to 'ftp/proftpd')
-rw-r--r-- | ftp/proftpd/Makefile | 2 | ||||
-rw-r--r-- | ftp/proftpd/files/patch-src_netaddr.c | 88 |
2 files changed, 89 insertions, 1 deletions
diff --git a/ftp/proftpd/Makefile b/ftp/proftpd/Makefile index 819a575..36beb6e 100644 --- a/ftp/proftpd/Makefile +++ b/ftp/proftpd/Makefile @@ -7,7 +7,7 @@ PORTNAME= proftpd DISTVERSION= 1.3.1 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= ftp MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \ ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \ diff --git a/ftp/proftpd/files/patch-src_netaddr.c b/ftp/proftpd/files/patch-src_netaddr.c new file mode 100644 index 0000000..00ff140 --- /dev/null +++ b/ftp/proftpd/files/patch-src_netaddr.c @@ -0,0 +1,88 @@ +Index: src/netaddr.c +=================================================================== +RCS file: /cvsroot/proftp/proftpd/src/netaddr.c,v +retrieving revision 1.61 +diff -u -r1.61 netaddr.c +--- src/netaddr.c 9 Oct 2007 21:56:23 -0000 1.61 ++++ src/netaddr.c 17 Jan 2008 01:34:45 -0000 +@@ -816,6 +816,9 @@ + if (pr_netaddr_is_v4mappedv6(na1) == TRUE) { + tmp_pool = make_sub_pool(permanent_pool); + ++ pr_trace_msg(trace_channel, 5, "addr '%s' is an IPv4-mapped IPv6 address", ++ pr_netaddr_get_ipstr((pr_netaddr_t *) na1)); ++ + /* This case means that na1 is an IPv4-mapped IPv6 address, and + * na2 is an IPv4 address. + */ +@@ -834,6 +837,9 @@ + } else if (pr_netaddr_is_v4mappedv6(na2) == TRUE) { + tmp_pool = make_sub_pool(permanent_pool); + ++ pr_trace_msg(trace_channel, 5, "addr '%s' is an IPv4-mapped IPv6 address", ++ pr_netaddr_get_ipstr((pr_netaddr_t *) na2)); ++ + /* This case means that na is an IPv4 address, and na2 is an + * IPv4-mapped IPv6 address. + */ +@@ -1105,6 +1111,36 @@ + ipstr, pattern); + return TRUE; + } ++ ++ /* If the address is an IPv4-mapped IPv6 address, get the IPv4 address ++ * and try to match that against the configured glob pattern. ++ */ ++ if (pr_netaddr_is_v4mappedv6(na) == TRUE) { ++ pool *tmp_pool; ++ pr_netaddr_t *a; ++ ++ pr_trace_msg(trace_channel, 5, "addr '%s' is an IPv4-mapped IPv6 address", ++ ipstr); ++ ++ tmp_pool = make_sub_pool(permanent_pool); ++ a = pr_netaddr_alloc(tmp_pool); ++ pr_netaddr_set_family(a, AF_INET); ++ pr_netaddr_set_port(a, pr_netaddr_get_port(na)); ++ memcpy(&a->na_addr.v4.sin_addr, get_v4inaddr(na), ++ sizeof(struct in_addr)); ++ ++ ipstr = pr_netaddr_get_ipstr(a); ++ ++ if (pr_fnmatch(pattern, ipstr, match_flags) == 0) { ++ pr_trace_msg(trace_channel, 6, "DNS name '%s' matches pattern '%s'", ++ ipstr, pattern); ++ ++ destroy_pool(tmp_pool); ++ return TRUE; ++ } ++ ++ destroy_pool(tmp_pool); ++ } + } + + pr_trace_msg(trace_channel, 4, "addr %s does not match pattern '%s'", +@@ -1424,18 +1460,21 @@ + + #ifdef PR_USE_IPV6 + case AF_INET6: { ++ int res; ++ + if (!use_ipv6) { + errno = EINVAL; + return -1; + } + + # ifndef LINUX +- return IN6_IS_ADDR_V4MAPPED( ++ res = IN6_IS_ADDR_V4MAPPED( + (struct in6_addr *) pr_netaddr_get_inaddr(na)); + # else +- return IN6_IS_ADDR_V4MAPPED( ++ res = IN6_IS_ADDR_V4MAPPED( + ((struct in6_addr *) pr_netaddr_get_inaddr(na))->s6_addr32); + # endif ++ return res; + } + #endif /* PR_USE_IPV6 */ + } |