Date: Sun, 03 Jun 2001 06:49:24 +0900 (JST)
From: Hajimu UMEMOTO <ume@mahoroba.org>
To: mdavis@cts.com
Cc: freebsd-stable@freebsd.org, security@freebsd.org, wollman@freebsd.org, freebsd-print@bostonradio.org, drosih@rpi.edu
Subject: Re: Malformed from address
Message-ID: <20010603.064924.55505694.ume@mahoroba.org>
In-Reply-To: <000001c0eba9$4f34e1c0$271978d8@cts.com>
References: <000001c0eb56$6d6ae250$241978d8@cts.com> <000001c0eba9$4f34e1c0$271978d8@cts.com>

>>>>> On Sat, 2 Jun 2001 14:16:36 -0700
>>>>> "Morgan Davis" <mdavis@cts.com> said:

mdavis> 3. Watching tcpdump, the ports from the client systems start above the
mdavis> privileged port range (IPPORT_RESERVED).  With each failure, they will
mdavis> reconnect and increment the originating port number.  Here are the
mdavis> starting port numbers I saw in tcpdump for various Windows OS flavors:

mdavis>     23xx - Windows XP Pro (build 2475)
mdavis>     11xx - Windows 2000 Pro
mdavis>     10xx - Windows 2000 Server

mdavis> These are listed in order of machine uptime.  I had just rebooted the
mdavis> Win2K Server machine to do this test, so it must start at 1024
mdavis> (IPPORT_RESERVED).

Then, Windows is broken.  The printer client must bind its source port
within IPPORT_RESERVED.

mdavis> In looking at the lpd.c code (and netinet/in.h), the logic in lpd.c's
mdavis> test seems to be wrong (or is missing a !):

mdavis>     if (error || atoi(serv) >= IPPORT_RESERVED)
mdavis>         fatal(0, "Malformed from address");

mdavis> This would imply that any port at or above the IPPORT_RESERVED
mdavis> threshold is illegal, which (I think) is clearly wrong.  Shouldn't it
mdavis> be < IPPORT_RESERVED?  Or better still:

This checking code is correct.  r-authentication requires that the
connection comes from the reserved port range.  Please see the
iruserok_sa(3) manpage.

mdavis>     if (error || atoi(serv) < IPPORT_RESERVED || atoi(serv) >
mdavis>         IPPORT_HILASTAUTO)
mdavis>         fatal(0, "Malformed from address or illegal port");

This code is wrong.  Since Unix's lpr does bind to a reserved port, you
will not be able to print from Unix boxes.
If you wish to allow such broken connections, you can simply remove the
reserved port checking.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010603.064924.55505694.ume>
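
Added example, not part of the message above and not code from lpd.c: a small C program that applies the quoted `>= IPPORT_RESERVED` test and the proposed replacement to constructed source ports, showing which clients each one turns away. The helper names, the sample ports and the fallback value for IPPORT_HILASTAUTO are assumptions made for this illustration.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#ifndef IPPORT_HILASTAUTO
#define IPPORT_HILASTAUTO 65535 /* FreeBSD's value; fallback for other systems */
#endif

/* Source port of a peer address in host byte order, or -1 if not IPv4/IPv6. */
int peer_port(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return ntohs(((const struct sockaddr_in *)sa)->sin_port);
    if (sa->sa_family == AF_INET6)
        return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    return -1;
}

/* The test quoted from lpd.c: 1 (reject) unless the port is reserved. */
int lpd_rejects(int port)
{
    return port < 0 || port >= IPPORT_RESERVED;
}

/* The replacement proposed in the thread: 1 (reject) for reserved ports. */
int proposed_rejects(int port)
{
    return port < IPPORT_RESERVED || port > IPPORT_HILASTAUTO;
}

/* Constructed peer: zeroed IPv4 sockaddr carrying only the given source port. */
int port_of_v4_peer(unsigned short port)
{
    struct sockaddr_in sin = { 0 };
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    return peer_port((const struct sockaddr *)&sin);
}

int main(void)
{
    /* Constructed ports: two reserved, then ones in the ranges reported above. */
    unsigned short ports[] = { 721, 1023, 1024, 1100, 2300 };
    for (size_t i = 0; i < sizeof(ports) / sizeof(ports[0]); i++) {
        int p = port_of_v4_peer(ports[i]);
        printf("%5d lpd.c=%d proposed=%d (1 = reject)\n", p, lpd_rejects(p), proposed_rejects(p));
    }
    return 0;
}
```

The two predicates are exact opposites on every valid port: the quoted test accepts only ports below 1024, while the proposed one rejects exactly those, which is why it would lock out a Unix lpr that binds a reserved port.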