author | Hajimu UMEMOTO <ume@FreeBSD.org> | 2000-09-25 00:41:55 +0000 |
---|---|---|
committer | Hajimu UMEMOTO <ume@FreeBSD.org> | 2000-09-25 00:41:55 +0000 |
commit | 656884886880463d9bfa66ac88e5d2675829e2d0 (patch) | |
tree | e9e5999a51e488c21b71123d3db895717e51ae74 /contrib/tcp_wrappers | |
parent | 65e893c9b9a0d3b26f7abaf2b6dac3cb63cfc952 (diff) | |
- reject numeric address
- validate scope in sockaddr comparison logic
patch was originally submitted by itojun and slightly modified by me.
Reviewed by: itojun, kris
Notes
Notes:
svn path=/head/; revision=66329
Diffstat (limited to 'contrib/tcp_wrappers')
-rw-r--r-- | contrib/tcp_wrappers/socket.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/contrib/tcp_wrappers/socket.c b/contrib/tcp_wrappers/socket.c index 3fa1f5b8ddbe..47f3df6a02a7 100644 --- a/contrib/tcp_wrappers/socket.c +++ b/contrib/tcp_wrappers/socket.c @@ -217,6 +217,23 @@ struct host_info *host; STRN_CPY(host->name, hname, sizeof(host->name)); + /* reject numeric addresses */ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = sin->sa_family; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST; + if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0)) { + freeaddrinfo(res0); + tcpd_warn("host name/name mismatch: " + "reverse lookup results in non-FQDN %s", + host->name); + strcpy(host->name, paranoid); /* name is bad, clobber it */ + } + err = !err; + } + if (!err) { + /* we are now sure that this is non-numeric */ + /* * Verify that the address is a member of the address list returned * by gethostbyname(hostname). @@ -276,6 +293,11 @@ struct host_info *host; rap = (char *)&((struct sockaddr_in *)res->ai_addr)->sin_addr; break; case AF_INET6: + /* need to check scope_id */ + if (((struct sockaddr_in6 *)sin)->sin6_scope_id != + ((struct sockaddr_in6 *)res->ai_addr)->sin6_scope_id) { + continue; + } rap = (char *)&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; break; default: |
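Review bot: In the added `if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0))`, the closing parenthesis sits after `== 0`, so `err` receives the result of the comparison rather than the getaddrinfo() return value. With `err = !err;` right after it, `err` ends up non-zero exactly when the name was not numeric, so the following `if (!err)` skips its block for ordinary host names and enters it for the clobbered one. If that block is the forward-lookup check its comment describes, a name obtained only from reverse DNS would be accepted without confirmation, which matters for host-name based access rules. The intended form appears to be `if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) {`. The enclosing block starts and ends outside the hunk, so how `err` is set when the reverse lookup fails should be checked as well.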
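Review bot: The new scope check in the `AF_INET6` case casts `sin` to `struct sockaddr_in6 *` without a visible test that `sin->sa_family` is `AF_INET6`. The switch expression is outside the hunk, and if it switches on `res->ai_family` the cast relies on the lookup having returned only the peer's family. A guard such as `if (sin->sa_family != AF_INET6) continue;` ahead of the comparison would make that explicit. The comment could also say why the check is needed, e.g. `/* the same address in another scope is a different host; skip on scope_id mismatch */`.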