Date: Sun, 26 Nov 2000 16:39:59 -0500 From: "Brian F. Feldman" <green@FreeBSD.org> To: Alfred Perlstein <bright@wintelcom.net> Cc: "Brian F. Feldman" <green@FreeBSD.org>, obrien@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c Message-ID: <200011262140.eAQLe2576200@green.dyndns.org> In-Reply-To: Message from Alfred Perlstein <bright@wintelcom.net> of "Sat, 25 Nov 2000 19:01:46 PST." <20001125190146.Q8051@fw.wintelcom.net>
Alfred Perlstein <bright@wintelcom.net> wrote:
> Because your "fix" was a gross hack on top of the gross hack already
> in place.
Here, you can review this, then:
--- builtins.c.orig Sat Nov 25 09:09:34 2000
+++ builtins.c Sun Nov 26 15:56:15 2000
@@ -453,7 +453,8 @@
*/
gettimeofday(&to, NULL);
to.tv_sec += tv.tv_sec;
- if ((to.tv_usec += tv.tv_usec) >= 1000000) {
+ to.tv_usec += tv.tv_usec;
+ if (to.tv_usec >= 1000000) {
to.tv_usec -= 1000000;
to.tv_sec++;
}
@@ -517,7 +518,7 @@
* so right here we are only setting the ports.
*/
if (ss[0].ss_family != ss[1].ss_family)
- iderror(lport, fport, s, errno);
+ iderror(lport, fport, s, EINVAL);
size = sizeof(uc);
switch (ss[0].ss_family) {
case AF_INET:
@@ -527,7 +528,7 @@
sin[1].sin_port = htons(fport);
if (sysctlbyname("net.inet.tcp.getcred", &uc, &size, sin,
sizeof(sin)) == -1)
- getcredfail = 1;
+ getcredfail = errno;
break;
#ifdef INET6
case AF_INET6:
@@ -537,23 +538,24 @@
sin6[1].sin6_port = htons(fport);
if (sysctlbyname("net.inet6.tcp6.getcred", &uc, &size, sin6,
sizeof(sin6)) == -1)
- getcredfail = 1;
+ getcredfail = errno;
break;
#endif
default: /* should not reach here */
- getcredfail = 1;
+ getcredfail = EAFNOSUPPORT;
break;
}
if (getcredfail != 0) {
if (fallback == NULL) /* Use a default, if asked to */
- iderror(lport, fport, s, errno);
+ iderror(lport, fport, s, getcredfail);
usedfallback = 1;
} else {
/* Look up the pw to get the username */
+ errno = 0;
pw = getpwuid(uc.cr_uid);
}
if (pw == NULL && !usedfallback) /* No such user... */
- iderror(lport, fport, s, errno);
+ iderror(lport, fport, s, errno != 0 ? errno : ENOENT);
/*
* If enabled, we check for a file named ".noident" in the user's
* home directory. If found, we return HIDDEN-USER.
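Review bot: The added `errno = 0;` before `getpwuid(uc.cr_uid)` needs a comment, because nothing at the call site explains why errno is cleared there. The later `errno != 0 ? errno : ENOENT` only works because getpwuid() can return NULL without setting errno when the uid simply has no passwd entry. I would add `/* getpwuid() may return NULL without touching errno; clear it so "no such user" is distinguishable from a lookup failure */` above the assignment. The same pattern is repeated at the second getpwuid() call in the `@@ -626,14 +628,18 @@` hunk and needs the same comment there. The enclosing function starts and ends outside this hunk.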
@@ -587,23 +589,23 @@
iderror(lport, fport, s, errno);
seteuid(pw->pw_uid);
/*
- * If we were to lstat() here, it would do no good, since it
- * would introduce a race condition and could be defeated.
+ * We can't stat() here since that would be a race
+ * condition.
* Therefore, we open the file we have permissions to open
* and if it's not a regular file, we close it and end up
* returning the user's real username.
*/
fakeid_fd = open(p, O_RDONLY | O_NONBLOCK);
free(p);
- if ((fakeid = fdopen(fakeid_fd, "r")) != NULL &&
- fstat(fileno(fakeid), &sb) != -1 && S_ISREG(sb.st_mode)) {
+ if (fakeid_fd != -1 && fstat(fakeid_fd, &sb) != -1 &&
+ S_ISREG(sb.st_mode) &&
+ (fakeid = fdopen(fakeid_fd, "r")) != NULL) {
buf[sizeof(buf) - 1] = '\0';
if (fgets(buf, sizeof(buf), fakeid) == NULL) {
cp = pw->pw_name;
fclose(fakeid);
goto printit;
}
- fclose(fakeid);
/*
* Usually, the file will have the desired identity
* in the form "identity\n", so we use strcspn() to
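Review bot: The context line `seteuid(pw->pw_uid);` just above the rewritten open/fstat/fdopen sequence still ignores its return value, and the patch does not address it. If the call fails, `open(p, O_RDONLY | O_NONBLOCK)` runs with the daemon's own effective uid on a path the user controls (p is built outside the hunk), and the file's first line is then sent to the remote peer. The fstat-on-descriptor check added here closes the stat/open race but does not cover that case. I would fail closed with `if (seteuid(pw->pw_uid) == -1) iderror(lport, fport, s, errno);`, and check likewise wherever the euid is restored, which is not visible in this hunk.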
@@ -626,14 +628,18 @@
*/
if (!*cp || getpwnam(cp)) {
+ errno = 0;
pw = getpwuid(uc.cr_uid);
if (pw == NULL)
- iderror(lport, fport, s, errno);
+ iderror(lport, fport, s,
+ errno != 0 ? errno : ENOENT);
cp = pw->pw_name;
}
} else
cp = pw->pw_name;
- if (fakeid_fd != -1)
+ if (fakeid != NULL)
+ fclose(fakeid);
+ else if (fakeid_fd != -1)
close(fakeid_fd);
} else if (!usedfallback)
cp = pw->pw_name;
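Review bot: The new cleanup `if (fakeid != NULL) fclose(fakeid);` reads `fakeid` on paths where it was never assigned. The reordered condition in the previous hunk short-circuits before the `fdopen()` assignment whenever open() failed, fstat() failed, or the file is not regular. This is only safe if `fakeid` is initialised to NULL at its declaration, which lies outside the visible hunks. If it is not, declare it as `FILE *fakeid = NULL;`, otherwise fclose() may be called on an indeterminate pointer. The fall-through to `close(fakeid_fd)` when fdopen() itself fails looks correct.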
--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
green@FreeBSD.org `------------------------------'
