
bug in libwrap code



I found a little DoS bug in the libwrap code for 1.1.2. It occurs when the
connecting client doesn't have a reverse lookup. The offending code is
in server/slapd/daemon.c:

line 280

if (!(hosts_ctl("slapd", client_name, client_addr, STRING_UNKNOWN))

A little further up you can see where client_name is NULL when the IP
does not have a host lookup. libwrap expects STRING_UNKNOWN for
anything that isn't set. I changed it to this:

if (!(hosts_ctl("slapd", client_name != NULL ? client_name :
    STRING_UNKNOWN, client_addr, STRING_UNKNOWN))

Works great for me and hosts.{allow,deny} functionality is still
working (most importantly when ALL: PARANOID is set up).

Also I'd like to note for the devel team that OpenLDAP is being
packaged for Debian's distribution (by me). So far it seems to be a
great project...keep up the good work.

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation
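
Added example, not part of the original message or of OpenLDAP's code: the same NULL-to-STRING_UNKNOWN substitution applied at one choke point to every optional string argument, not just client_name. The names wrap_arg, check_access and stub_hosts_ctl are hypothetical, the stub stands in for libwrap's hosts_ctl() so the block builds without libwrap, and treating an empty string as unset is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Same value tcpd.h gives STRING_UNKNOWN; redefined so this builds without libwrap. */
#ifndef STRING_UNKNOWN
#define STRING_UNKNOWN "unknown"
#endif

/* An access check shaped like hosts_ctl(daemon, name, addr, user). */
typedef int (*access_fn)(const char *, const char *, const char *, const char *);

/* Map a missing value (NULL, or empty by this example's assumption) to the
 * sentinel the access check expects. */
static const char *wrap_arg(const char *s)
{
    return (s != NULL && s[0] != '\0') ? s : STRING_UNKNOWN;
}

/* Single choke point: every optional string is normalised before the call. */
static int check_access(access_fn fn, const char *daemon,
                        const char *name, const char *addr, const char *user)
{
    return fn(daemon, wrap_arg(name), wrap_arg(addr), wrap_arg(user));
}

/* Constructed stand-in for hosts_ctl(): it compares its arguments as strings,
 * so a NULL would be dereferenced, and it refuses clients with no name. */
static int stub_hosts_ctl(const char *daemon, const char *name,
                          const char *addr, const char *user)
{
    (void)addr; (void)user;
    if (strcmp(daemon, "slapd") != 0)
        return 0;
    return strcmp(name, STRING_UNKNOWN) != 0;   /* 1 = allow, 0 = deny */
}

int main(void)
{
    /* Constructed inputs: 192.0.2.10 has no reverse lookup, so name is NULL. */
    printf("no reverse lookup: %d\n",
           check_access(stub_hosts_ctl, "slapd", NULL, "192.0.2.10", NULL));
    printf("resolved client:   %d\n",
           check_access(stub_hosts_ctl, "slapd", "ldap1.example.org", "192.0.2.11", NULL));
    return 0;
}
```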