Date:      Mon, 20 Dec 1999 00:20:10 +0100 (CET)
From:      Anders Nordby <anders@fix.no>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/15575: Bugfix of port: net/dante
Message-ID:  <19991219232010.3E7A6575D@totem.fix.no>


>Number:         15575
>Category:       ports
>Synopsis:       Bugfix of port: net/dante
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 19 15:30:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Anders Nordby
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
Fluxpod Information eXchange
>Environment:

FreeBSD eggsilo.bsdonline.org 3.3-STABLE FreeBSD 3.3-STABLE #0: Sun Dec 19
15:33:42 CET 1999
root@eggsilo.bsdonline.org:/usr/src/sys/compile/EGGSILO  i386

>Description:

From the developer:

"CVSROOT:        /share/inferno/src
Module name:
Changes by:     michaels@bastesen.inet.no       99/12/16 10:01:28

Modified files:
        socks/sockd    : sockd_io.c

Log message:
can't do rulespermit() that early, move to after connect().
Fixes a hang that could occur when using libwrap, thanks
to Marc G. Fournier (marc.fournier@acadiau.ca) for help
and testing."

>How-To-Repeat:

Run sockd with iotimeout set in sockd.conf.

>Fix:
	
diff -Nur dante.old/patches/patch-aa dante/patches/patch-aa
--- dante.old/patches/patch-aa	Thu Jan  1 01:00:00 1970
+++ dante/patches/patch-aa	Sun Dec 19 21:39:00 1999
@@ -0,0 +1,76 @@
+--- sockd/sockd_io.c.orig	Thu Sep  2 12:53:05 1999
++++ sockd/sockd_io.c	Sun Dec 19 21:37:35 1999
+@@ -44,7 +44,7 @@
+ #include "common.h"
+ 
+ static const char rcsid[] =
+-"$Id: sockd_io.c,v 1.159 1999/09/02 10:42:04 michaels Exp $";
++"$Id: sockd_io.c,v 1.162 1999/12/16 09:01:25 michaels Exp $";
+ 
+ /*
+  * Accept io objects from mother and does io on them.  We never
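Review bot: the `$Id` line in this hunk moves sockd_io.c from revision 1.159 to 1.162, while the log message quoted in the Description covers a single commit. Please state in the PR whether patch-aa carries every change between those revisions; if the port only needs the hang fix, leave the rcsid string alone so the patched file does not claim a revision it may not match.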
+@@ -819,8 +819,8 @@
+ 
+ 				/*
+ 				 * If client hasn't sent us it's address yet we have to
+-				 * assume the first packet is from is it.  Client can only
+-				 * blame itself if not.
++				 * assume the first packet is from is it.
++				 * Client can only blame itself if not.
+ 				 */
+ 				if (io->in.raddr.sin_addr.s_addr == htonl(INADDR_ANY)
+ 				||  io->in.raddr.sin_port == htons(0)) {
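Review bot: this hunk only re-wraps the comment above the `INADDR_ANY` check and changes no code, and the wording problems it touches ("it's address", "is from is it") remain. Suggest dropping it from patch-aa so the port patch stays limited to the behavioural change and is easier to audit and to rebase on the next upstream release.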
+@@ -836,30 +836,19 @@
+ 					
+ 					/* LINTED pointer casts may be troublesome */
+ 					sockaddr2sockshost((struct sockaddr *)&io->in.raddr, &io->src);
+-
+-					/*
+-					 * Do a rulecheck here with destination set to NULL, 
+-					 * if that isn't permitted nothing else is either from
+-					 * this source so disconnect it.
+-					 */
+-					if (!rulespermit(io->in.s, &io->rule, &io->state, &io->src,
+-					NULL)) {
+-						delete_io(mother, io, io->in.s, IO_SRCBLOCK);
+-						return;
+-					}
+ 				}
+ 
+ 				/*
+-				 * When we receive the first packet we also have a fixed
+-				 * source so connect the socket, both for better performance
+-				 * and so that getpeername() will work on it, for
+-				 * libwrap/rulespermit(). 
++				 * When we receive the first packet we also have a fixed source
++				 * so connect the socket, both for better performance and so
++				 * that getpeername() will work on it (libwrap/rulespermit()). 
+ 				 */
+-				if (io->in.read == 0) { /* could happend more than once, but ok. */
++				if (io->in.read == 0) { /* could happen more than once, but ok. */
+ 					/* LINTED pointer casts may be troublesome */
+ 					if (!sockaddrareeq((struct sockaddr *)&io->in.raddr, &from)) {
+ 						char src[MAXSOCKADDRSTRING], dst[MAXSOCKADDRSTRING];
+ 
++						/* perhaps this should be LOG_DEBUG. */
+ 						slog(LOG_NOTICE,
+ 						"%s(0): %s: expected from %s, got it from %s",
+ 						VERDICT_BLOCKs, protocol2string(io->state.protocol),
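Review bot: the new comment "perhaps this should be LOG_DEBUG" above the `slog(LOG_NOTICE, ...)` call leaves a decision open in shipped code. That message is written each time a packet arrives from an address other than the expected one, so the sender of such packets determines how often it is logged; please settle the level upstream instead of carrying the question in the port patch.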
+@@ -871,6 +860,17 @@
+ 
+ 					if (connect(io->in.s, &from, sizeof(from)) != 0) {
+ 						delete_io(mother, io, io->in.s, IO_ERROR);
++						return;
++					}
++
++					/*
++					 * Do a rulecheck here with destination set to NULL.
++					 * If that isn't permitted nothing else is either from
++					 * this source so might as well disconnect it.
++					 */
++					if (!rulespermit(io->in.s, &io->rule, &io->state, &io->src,
++					NULL)) {
++						delete_io(mother, io, io->in.s, IO_SRCBLOCK);
+ 						return;
+ 					}
+ 				}
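Review bot: the relocated `rulespermit()` call is evaluated against `&io->src`, while the `connect()` just above it fixes the socket's peer to `&from`. Since the comment in the previous hunk says the connect is there so getpeername() works for libwrap/rulespermit(), please confirm that `io->src` and `from` always describe the same peer on this path, and say so in the comment. The check now also sits inside `if (io->in.read == 0)`, which the existing comment says can be entered more than once, so it is worth confirming that repeating the rule check is harmless.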

>Release-Note:
>Audit-Trail:
>Unformatted:

