NNRPD bug in inn-2.4.0

Yury B.Razbegin yur at simtel.ru
Wed Jun 20 10:38:56 UTC 2001 

   The nnrpd crashes under FreeBSD 4.3. It occurs because of incorrect operations
 of initialization and destruction of variables. At the end of the mail the
 appropriate patch are attached.
   The function MatchHost() also is optimized.
-- 
 * Yury B.Razbegin * yur at simtel.ru *  +7 (-8422) -35-32-09  (Fax: -41-00-19) *


-- Attached file included as plaintext by Listar --
-- Desc: PERM.patch

*** nnrpd/perm.c	Wed Jun 20 14:01:01 2001
--- nnrpd/perm.c.orig	Tue Jun 19 13:01:12 2001
***************
*** 1118,1129 ****
  		    curgroup = NEW(GROUP, 1);
  		    memset(curgroup, 0, sizeof(GROUP));
  		    memset(ConfigBit, '\0', ConfigBitsize);
  		}
  		if (curgroup->auth == NULL) {
  		    curgroup->auth = NEW(AUTHGROUP, 1);
  		    memset(curgroup->auth, 0, sizeof(AUTHGROUP));
  		    memset(ConfigBit, '\0', ConfigBitsize);
-                     SetDefaultAuth(curgroup->auth);
  		}
  
  		authdecl_parse(curgroup->auth, cf->f, tok);
--- 1118,1129 ----
  		    curgroup = NEW(GROUP, 1);
  		    memset(curgroup, 0, sizeof(GROUP));
  		    memset(ConfigBit, '\0', ConfigBitsize);
+                     SetDefaultAuth(curgroup->auth);
  		}
  		if (curgroup->auth == NULL) {
  		    curgroup->auth = NEW(AUTHGROUP, 1);
  		    memset(curgroup->auth, 0, sizeof(AUTHGROUP));
  		    memset(ConfigBit, '\0', ConfigBitsize);
  		}
  
  		authdecl_parse(curgroup->auth, cf->f, tok);
***************
*** 1199,1213 ****
  			   curauth->name == NULL ? "(NULL)" : curauth->name);
  			free_authgroup(curauth);
  		    }
- 		    else
  			add_authgroup(curauth);
! 		} else {
! 		    if (curauth->name)
  			syslog(L_TRACE, "Auth strategy '%s' does not match client.  Removing.",
  			   curauth->name == NULL ? "(NULL)" : curauth->name);
  		    free_authgroup(curauth);
  		}
!                 curauth = NULL;
  		goto again;
  	    }
  
--- 1199,1211 ----
  			   curauth->name == NULL ? "(NULL)" : curauth->name);
  			free_authgroup(curauth);
  		    }
  		    add_authgroup(curauth);
! 		} else if (curauth->name) {
  		    syslog(L_TRACE, "Auth strategy '%s' does not match client.  Removing.",
  			   curauth->name == NULL ? "(NULL)" : curauth->name);
  		    free_authgroup(curauth);
  		}
! 
  		goto again;
  	    }
  
***************
*** 1217,1227 ****
  	    if (tok->type == PERMrbrace) {
  		inwhat = 0;
  
! 		if (curaccess->name)
  		    add_accessgroup(curaccess);
! 		else
! 		    free_accessgroup(curaccess);
! 		curaccess = NULL;
  		goto again;
  	    }
  
--- 1215,1224 ----
  	    if (tok->type == PERMrbrace) {
  		inwhat = 0;
  
! 		if (curaccess->name) {
  		    add_accessgroup(curaccess);
! 		}
! 
  		goto again;
  	    }
  
***************
*** 1529,1540 ****
  static bool MatchHost(char *hostlist, char *host, char *ip)
  {
      char    **list;
!     bool    ret;
      char    *cp;
      int	    iter;
      char    *pat, 
  	    *p;
-     struct in_addr ia;
  
      /*	If no hostlist are specified, by default they match.   */
  
--- 1526,1536 ----
  static bool MatchHost(char *hostlist, char *host, char *ip)
  {
      char    **list;
!     bool    ret	= FALSE;
      char    *cp;
      int	    iter;
      char    *pat, 
  	    *p;
  
      /*	If no hostlist are specified, by default they match.   */
  
***************
*** 1547,1597 ****
  
      NGgetlist(&list, cp);
  
-     memset(&ia, 0, sizeof(ia));
-     if ((*ip)&&(inet_aton(ip, &ia) != 1)) {
- 	memset(&ia, 0, sizeof(ia));
-     } /* Prepare inet address */
-     
      /* default is no access */
!     for (ret = FALSE, iter = 0; list[iter]; iter++);
      while (iter-- > 0) {
  	pat = list[iter];
  	if (*pat == '!')
  	    pat++;
! 	if (ret = wildmat(host, pat))
! 				break;
! 	if (! *ip)
! 		continue;
! 	if (ret = wildmat(ip, pat))
! 				break;
! 	if ((ia.s_addr == 0)||((p = strchr(pat, '/')) == (char *)NULL))
! 								continue;
! 	else {
! 	  int c;
! 	  struct in_addr net, tmp;
! 	  unsigned long mask;
! 
! 	  *p++ = '\0';
! 	  if (inet_aton(pat, &net) != 1)
! 				   continue;
! 	  if (strchr(p, '.') == (char *)NULL) {
! 	     if (((c = atoi(p)) <= 0)||((c = 32 - c) < 0))
  		    continue;
- 	     mask = 0xFFFFFFFF;      /* 255.255.255.255 */
- 	     mask = mask << c;
- 	     mask = htonl(mask);
  	  }
! 	  else if (inet_aton(p, &tmp) != 1)
! 					    continue;
! 	  else
! 	    mask = tmp.s_addr;
! 	  if ((ia.s_addr & mask) == (net.s_addr & mask)) {
  		ret = TRUE;
- 		break;
  	  }
  	}
      }
!     if ((ret != FALSE) && (list[iter][0] == '!'))
  	ret = FALSE;
      DISPOSE(list);
      DISPOSE(cp);
--- 1543,1587 ----
  
      NGgetlist(&list, cp);
  
      /* default is no access */
!     for (iter = 0; list[iter]; iter++) {
! 	;
!     }
! 
      while (iter-- > 0) {
  	pat = list[iter];
  	if (*pat == '!')
  	    pat++;
! 	ret = wildmat(host, pat);
! 	if (!ret && *ip) {
! 	    ret = wildmat(ip, pat);
! 	    if (!ret && (p = strchr(pat, '/')) != (char *)NULL) {
! 		int bits, c;
! 		struct in_addr ia, net, tmp;
! 		unsigned int mask;
! 
! 		*p = '\0';
!                 if (inet_aton(ip, &ia) && inet_aton(pat, &net)) {
! 		    if (strchr(p+1, '.') == (char *)NULL) {
! 			mask = atoi(p+1);
! 			for (bits = c = 0; c < mask && c < 32; c++)
! 			    bits |= (1 << (31 - c));
! 			mask = htonl(bits);
! 		    } else {
!                         if (inet_aton(p+1, &tmp))
!                             mask = tmp.s_addr;
!                         else
                              continue;
  		    }
! 		    if ((ia.s_addr & mask) == (net.s_addr & mask))
  			ret = TRUE;
  		}
  	    }
          }
! 	if (ret)
! 	    break;
!     }
!     if (ret && list[iter][0] == '!')
  	ret = FALSE;
      DISPOSE(list);
      DISPOSE(cp);

More information about the inn-bugs mailing list