NNRPD bug in inn-2.4.0
Yury B.Razbegin
yur at simtel.ru
Wed Jun 20 10:38:56 UTC 2001
The nnrpd crashes under FreeBSD 4.3. It occurs because of incorrect operations
of initialization and destruction of variables. At the end of the mail the
appropriate patch are attached.
The function MatchHost() also is optimized.
--
* Yury B.Razbegin * yur at simtel.ru * +7 (-8422) -35-32-09 (Fax: -41-00-19) *
-- Attached file included as plaintext by Listar --
-- Desc: PERM.patch
*** nnrpd/perm.c Wed Jun 20 14:01:01 2001
--- nnrpd/perm.c.orig Tue Jun 19 13:01:12 2001
***************
*** 1118,1129 ****
curgroup = NEW(GROUP, 1);
memset(curgroup, 0, sizeof(GROUP));
memset(ConfigBit, '\0', ConfigBitsize);
}
if (curgroup->auth == NULL) {
curgroup->auth = NEW(AUTHGROUP, 1);
memset(curgroup->auth, 0, sizeof(AUTHGROUP));
memset(ConfigBit, '\0', ConfigBitsize);
- SetDefaultAuth(curgroup->auth);
}
authdecl_parse(curgroup->auth, cf->f, tok);
--- 1118,1129 ----
curgroup = NEW(GROUP, 1);
memset(curgroup, 0, sizeof(GROUP));
memset(ConfigBit, '\0', ConfigBitsize);
+ SetDefaultAuth(curgroup->auth);
}
if (curgroup->auth == NULL) {
curgroup->auth = NEW(AUTHGROUP, 1);
memset(curgroup->auth, 0, sizeof(AUTHGROUP));
memset(ConfigBit, '\0', ConfigBitsize);
}
authdecl_parse(curgroup->auth, cf->f, tok);
***************
*** 1199,1213 ****
curauth->name == NULL ? "(NULL)" : curauth->name);
free_authgroup(curauth);
}
- else
add_authgroup(curauth);
! } else {
! if (curauth->name)
syslog(L_TRACE, "Auth strategy '%s' does not match client. Removing.",
curauth->name == NULL ? "(NULL)" : curauth->name);
free_authgroup(curauth);
}
! curauth = NULL;
goto again;
}
--- 1199,1211 ----
curauth->name == NULL ? "(NULL)" : curauth->name);
free_authgroup(curauth);
}
add_authgroup(curauth);
! } else if (curauth->name) {
syslog(L_TRACE, "Auth strategy '%s' does not match client. Removing.",
curauth->name == NULL ? "(NULL)" : curauth->name);
free_authgroup(curauth);
}
!
goto again;
}
***************
*** 1217,1227 ****
if (tok->type == PERMrbrace) {
inwhat = 0;
! if (curaccess->name)
add_accessgroup(curaccess);
! else
! free_accessgroup(curaccess);
! curaccess = NULL;
goto again;
}
--- 1215,1224 ----
if (tok->type == PERMrbrace) {
inwhat = 0;
! if (curaccess->name) {
add_accessgroup(curaccess);
! }
!
goto again;
}
***************
*** 1529,1540 ****
static bool MatchHost(char *hostlist, char *host, char *ip)
{
char **list;
! bool ret;
char *cp;
int iter;
char *pat,
*p;
- struct in_addr ia;
/* If no hostlist are specified, by default they match. */
--- 1526,1536 ----
static bool MatchHost(char *hostlist, char *host, char *ip)
{
char **list;
! bool ret = FALSE;
char *cp;
int iter;
char *pat,
*p;
/* If no hostlist are specified, by default they match. */
***************
*** 1547,1597 ****
NGgetlist(&list, cp);
- memset(&ia, 0, sizeof(ia));
- if ((*ip)&&(inet_aton(ip, &ia) != 1)) {
- memset(&ia, 0, sizeof(ia));
- } /* Prepare inet address */
-
/* default is no access */
! for (ret = FALSE, iter = 0; list[iter]; iter++);
while (iter-- > 0) {
pat = list[iter];
if (*pat == '!')
pat++;
! if (ret = wildmat(host, pat))
! break;
! if (! *ip)
! continue;
! if (ret = wildmat(ip, pat))
! break;
! if ((ia.s_addr == 0)||((p = strchr(pat, '/')) == (char *)NULL))
! continue;
! else {
! int c;
! struct in_addr net, tmp;
! unsigned long mask;
!
! *p++ = '\0';
! if (inet_aton(pat, &net) != 1)
! continue;
! if (strchr(p, '.') == (char *)NULL) {
! if (((c = atoi(p)) <= 0)||((c = 32 - c) < 0))
continue;
- mask = 0xFFFFFFFF; /* 255.255.255.255 */
- mask = mask << c;
- mask = htonl(mask);
}
! else if (inet_aton(p, &tmp) != 1)
! continue;
! else
! mask = tmp.s_addr;
! if ((ia.s_addr & mask) == (net.s_addr & mask)) {
ret = TRUE;
- break;
}
}
}
! if ((ret != FALSE) && (list[iter][0] == '!'))
ret = FALSE;
DISPOSE(list);
DISPOSE(cp);
--- 1543,1587 ----
NGgetlist(&list, cp);
/* default is no access */
! for (iter = 0; list[iter]; iter++) {
! ;
! }
!
while (iter-- > 0) {
pat = list[iter];
if (*pat == '!')
pat++;
! ret = wildmat(host, pat);
! if (!ret && *ip) {
! ret = wildmat(ip, pat);
! if (!ret && (p = strchr(pat, '/')) != (char *)NULL) {
! int bits, c;
! struct in_addr ia, net, tmp;
! unsigned int mask;
!
! *p = '\0';
! if (inet_aton(ip, &ia) && inet_aton(pat, &net)) {
! if (strchr(p+1, '.') == (char *)NULL) {
! mask = atoi(p+1);
! for (bits = c = 0; c < mask && c < 32; c++)
! bits |= (1 << (31 - c));
! mask = htonl(bits);
! } else {
! if (inet_aton(p+1, &tmp))
! mask = tmp.s_addr;
! else
continue;
}
! if ((ia.s_addr & mask) == (net.s_addr & mask))
ret = TRUE;
}
}
}
! if (ret)
! break;
! }
! if (ret && list[iter][0] == '!')
ret = FALSE;
DISPOSE(list);
DISPOSE(cp);
More information about the inn-bugs
mailing list