Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 2 Jun 2001 12:54:55 -0400
From:      Garance A Drosihn <drosih@rpi.edu>
To:        "Morgan Davis" <mdavis@cts.com>, <freebsd-stable@FreeBSD.ORG>
Cc:        security@FreeBSD.ORG, wollman@FreeBSD.ORG, Hajimu UMEMOTO <ume@mahoroba.org>, freebsd-print@bostonradio.org
Subject:   Re: lpd: Malformed from address
Message-ID:  <p05100e0cb73ebb1a651d@[128.113.24.47]>
In-Reply-To: <000001c0eb56$6d6ae250$241978d8@cts.com>
References:  <000001c0eb56$6d6ae250$241978d8@cts.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
At 4:23 AM -0700 6/2/01, Morgan Davis wrote:
>  >  After upgrading two different FreeBSD 4.2 systems to 4.3,
>  >  they both began to exhibit trouble when trying to print
>  >  to their lpd processes.
>  >  Watching the raw traffic via tcpdump, both are failing
>  >  immediately when lpd tries to resolve the connecting
>  >  client's address in chkhost():
>  >
>  >        error = getnameinfo(f, f->sa_len, NULL, 0, serv,
>  > 		sizeof(serv), NI_NUMERICSERV);
>  >        if (error || atoi(serv) >= IPPORT_RESERVED)
>  > 		fatal(0, "Malformed from address");

So, both of these systems are being sent print jobs from
OTHER machines, and are refusing to accept those jobs due
to the malformed 'from' address?

Does this happen with jobs from all machines which send
to the two print-servers, or only from some machines?
For the client machines which DO fail, what OS are they
running?  Is there any reason those clients would NOT
be sending from a reserved port?  In your 'tcpdump'
output, what port is the request coming from?

Also, are the print jobs being sent via IPv4 connections,
or IPv6 connections?

In a later message on 6/3/01, Hajimu UMEMOTO wrote:
>When I ported IPv6 support into FreeBSD from NetBSD, I wrongly
>brought reserved port checking code into FreeBSD.  Originally,
>FreeBSD's lpd didn't check validity of connection by checking
>if it comes from reserved port.

Hmm.  I wonder if this is something that got dropped along
the way somewhere.  The lpd I use at RPI *does* check that
jobs are coming from a reserved port, and I am pretty sure I
never wrote that code.  That implies that it must have been
in whatever version of lpd that RPI started with (*).  But
you are right that freebsd's version before the IPv6 update
did not check (or at least, if the check was there then it
did not work correctly).  This is one of the sections of
lpd where I haven't tried to reconcile RPI's code with
freebsd's code.

    [* - although someone else did work on lpd at RPI
     before I did, so maybe they added this check]

>However, since lpd relies on r-authentication, it should be
>expected.  Though it is easy to get rid of reserved port
>checking, we should have some consideration.  Any suggestion?

It seems to me that checking for a reserved port is a good
thing, so I want to hear back from Morgan to make sure we
know what the exact problem is.  It may be that the idea of
doing the check is correct, but this specific implementation
has a bug in it.

[again, note that RPI's print servers have been running for
years WITH a check for reserved port, and I am not aware of
that causing any problems.  So, I find it curious that the
check would be causing a problem for Morgan]

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?p05100e0cb73ebb1a651d>