diff options
author | jdp <jdp@FreeBSD.org> | 2002-08-24 17:37:42 +0000 |
---|---|---|
committer | jdp <jdp@FreeBSD.org> | 2002-08-24 17:37:42 +0000 |
commit | 5e4153d48642b1dc2e6996b5e1ac0b0cce56e76d (patch) | |
tree | 7e718cf9d96f8025b28d8c862051d177c0246cbb /lib/libc/net | |
parent | 25a0b2072198cf9a11b601db4a7167409d8b9c64 (diff) | |
download | FreeBSD-src-5e4153d48642b1dc2e6996b5e1ac0b0cce56e76d.zip FreeBSD-src-5e4153d48642b1dc2e6996b5e1ac0b0cce56e76d.tar.gz |
Fix a bug in __ivaliduser_sa() which caused some rsh/rlogin attempts
to fail needlessly if a reverse DNS lookup of the IP address didn't
come up with a hostname. As a comment in the code clearly stated,
the "damn hostname" was looked up only for the purpose of netgroup
matching. But if that lookup failed, the function bailed out
immediately even though in many cases netgroup matching would not
be used.
This change marks the hostname as unknown but continues. Where
netgroup matching is performed, an unknown hostname is handled
conservatively. I.e., for "+@netgroup" (accept) entries an unknown
hostname never matches, and for "-@netgroup" (reject) entries an
unknown hostname always matches.
In the lines affected (only), I also fixed a few bogus casts. There
are others, and in fact this entire file would be a good candidate
for a cleanup sweep.
Reviewed by: imp (wearing his flourescent yellow Security Team cap)
MFC after: 2 days
Diffstat (limited to 'lib/libc/net')
-rw-r--r-- | lib/libc/net/rcmd.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c index 8ed3cb9..fea3887 100644 --- a/lib/libc/net/rcmd.c +++ b/lib/libc/net/rcmd.c @@ -621,7 +621,7 @@ __ivaliduser_sa(hostf, raddr, salen, luser, ruser) /* We need to get the damn hostname back for netgroup matching. */ if (getnameinfo(raddr, salen, hname, sizeof(hname), NULL, 0, NI_NAMEREQD) != 0) - return (-1); + hname[0] = '\0'; while (fgets(buf, sizeof(buf), hostf)) { p = buf; @@ -660,16 +660,16 @@ __ivaliduser_sa(hostf, raddr, salen, luser, ruser) break; } if (buf[1] == '@') /* match a host by netgroup */ - hostok = innetgr((char *)&buf[2], - (char *)&hname, NULL, ypdomain); + hostok = hname[0] != '\0' && + innetgr(&buf[2], hname, NULL, ypdomain); else /* match a host by addr */ hostok = __icheckhost(raddr, salen, (char *)&buf[1]); break; case '-': /* reject '-' hosts and all their users */ if (buf[1] == '@') { - if (innetgr((char *)&buf[2], - (char *)&hname, NULL, ypdomain)) + if (hname[0] == '\0' || + innetgr(&buf[2], hname, NULL, ypdomain)) return(-1); } else { if (__icheckhost(raddr, salen, |