summaryrefslogtreecommitdiffstats
path: root/lib/libc/net
diff options
context:
space:
mode:
authorjdp <jdp@FreeBSD.org>2002-08-24 17:37:42 +0000
committerjdp <jdp@FreeBSD.org>2002-08-24 17:37:42 +0000
commit5e4153d48642b1dc2e6996b5e1ac0b0cce56e76d (patch)
tree7e718cf9d96f8025b28d8c862051d177c0246cbb /lib/libc/net
parent25a0b2072198cf9a11b601db4a7167409d8b9c64 (diff)
downloadFreeBSD-src-5e4153d48642b1dc2e6996b5e1ac0b0cce56e76d.zip
FreeBSD-src-5e4153d48642b1dc2e6996b5e1ac0b0cce56e76d.tar.gz
Fix a bug in __ivaliduser_sa() which caused some rsh/rlogin attempts
to fail needlessly if a reverse DNS lookup of the IP address didn't come up with a hostname. As a comment in the code clearly stated, the "damn hostname" was looked up only for the purpose of netgroup matching. But if that lookup failed, the function bailed out immediately even though in many cases netgroup matching would not be used. This change marks the hostname as unknown but continues. Where netgroup matching is performed, an unknown hostname is handled conservatively. I.e., for "+@netgroup" (accept) entries an unknown hostname never matches, and for "-@netgroup" (reject) entries an unknown hostname always matches. In the lines affected (only), I also fixed a few bogus casts. There are others, and in fact this entire file would be a good candidate for a cleanup sweep. Reviewed by: imp (wearing his flourescent yellow Security Team cap) MFC after: 2 days
Diffstat (limited to 'lib/libc/net')
-rw-r--r--lib/libc/net/rcmd.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index 8ed3cb9..fea3887 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -621,7 +621,7 @@ __ivaliduser_sa(hostf, raddr, salen, luser, ruser)
/* We need to get the damn hostname back for netgroup matching. */
if (getnameinfo(raddr, salen, hname, sizeof(hname), NULL, 0,
NI_NAMEREQD) != 0)
- return (-1);
+ hname[0] = '\0';
while (fgets(buf, sizeof(buf), hostf)) {
p = buf;
@@ -660,16 +660,16 @@ __ivaliduser_sa(hostf, raddr, salen, luser, ruser)
break;
}
if (buf[1] == '@') /* match a host by netgroup */
- hostok = innetgr((char *)&buf[2],
- (char *)&hname, NULL, ypdomain);
+ hostok = hname[0] != '\0' &&
+ innetgr(&buf[2], hname, NULL, ypdomain);
else /* match a host by addr */
hostok = __icheckhost(raddr, salen,
(char *)&buf[1]);
break;
case '-': /* reject '-' hosts and all their users */
if (buf[1] == '@') {
- if (innetgr((char *)&buf[2],
- (char *)&hname, NULL, ypdomain))
+ if (hname[0] == '\0' ||
+ innetgr(&buf[2], hname, NULL, ypdomain))
return(-1);
} else {
if (__icheckhost(raddr, salen,
OpenPOWER on IntegriCloud