[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [linux-alert] rlogin authentication bug



I agree that sa_len, sa_family and h_length was designed for
handling addresses of different types.

But pam_rhosts.c module is completely relying on
sizeof(h_length)==sizeof([unsigned] long).
Changing such a behavior I consider as rather developing
then hot bugfixing.

If you have a time to fix such behavior in pam modules we'd appreciate it.

Regards,
					Andrey V.
					Savochkin

> 
> I got this through bugtraq - I am not subscribed to pam-list. Please
> Cc any replies to me personally.
> 
> saw@msu.ru wrote:
> (fragmants of a patch... I hope this is understandable)
> >      struct hostent *hp;
> >      int answer = 1;                             /* default to failure */
> > -    u_long addr;
> > -    char **ap;
> > +    u_long *addrs;
> > +    int n, i;
> >
> >      opts->last_error = (char *) 0;
> >      hp               = gethostbyname(rhost);         /* identify host */
> >
> >      if (hp != NULL) {
> > +
> > +        /* loop though address list */
> > +        for (n = 0; hp->h_addr_list[n]; n++);
> > +        D(("rhosts: %d addresses", n))
> > +
> > +        if (n) {
> > +            addrs = malloc (n * sizeof(*addrs));
> 
> You should allocate n * hp->h_length bytes here.
> 
> > +            for (i = 0; i < n; i++)
> > +                memcpy (addrs+i, hp->h_addr_list[i], sizeof(*addrs));
> 
> You should copy hp->h_length bytes per address here.
> 
> These hostent structures aren't only used for IPv4 addresses but also
> for other address families, such as for example IPv6 (or look for all
> the AF_* and PF_* defines in /usr/include/sys/socket.h; on my machine
> there are about 25 address families listed). There is a reason for these
> sa_len and sa_family fields in struct sockaddr...
> 
> -Olaf.
> --
> ___ Olaf 'Rhialto' Seibert      D787B44DFC896063 4CBB95A5BD1DAA96 
> \X/ It's not easy having a good time    rhialto@polder.ubc.kun.nl
> 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []