Date:      Thu, 20 Jul 2023 21:58:10 GMT
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 1d9722de6f90 - main - tcp_wrappers: recognize IPv6 addresses/prefixes
Message-ID:  <202307202158.36KLwA4T052219@gitrepo.freebsd.org>

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=1d9722de6f90c3edf286b077938bfa696e728d6c

commit 1d9722de6f90c3edf286b077938bfa696e728d6c
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2023-07-20 21:56:20 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2023-07-20 21:56:20 +0000

    tcp_wrappers: recognize IPv6 addresses/prefixes
    
    Intentionally or not, libwrap was written in such a manner that
    if your /etc/hosts.allow doesn't have any domain names or smart
    keywords like LOCAL or KNOWN, then it will not try to resolve the
    client address during the hosts check.  This was achieved with the
    NOT_INADDR() check that matched IPv4 addresses/prefixes.  Extend this
    to also skip the resolve if the client list token looks like IPv6.
    
    Reviewed by:            philip, emaste
    PR:                     269456
    Differential revision:  https://reviews.freebsd.org/D40070
---
 contrib/tcp_wrappers/hosts_access.c | 3 ++-
 contrib/tcp_wrappers/tcpd.h         | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/contrib/tcp_wrappers/hosts_access.c b/contrib/tcp_wrappers/hosts_access.c
index 05c62d194091..e55f3f34dd20 100644
--- a/contrib/tcp_wrappers/hosts_access.c
+++ b/contrib/tcp_wrappers/hosts_access.c
@@ -315,7 +315,8 @@ static int host_match(char *tok, struct host_info *host)
 	return (masked_match(tok, mask, eval_hostaddr(host)));
     } else {					/* anything else */
 	return (string_match(tok, eval_hostaddr(host))
-	    || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host))));
+	    || (NOT_INADDR(tok) && NOT_INADDR6(tok)
+	     && string_match(tok, eval_hostname(host))));
     }
 }
 
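Review bot: the reason for the two guards in the "anything else" branch of host_match() is not documented at the condition itself. Per the commit message, NOT_INADDR(tok) && NOT_INADDR6(tok) is there so that eval_hostname(host), and with it the resolve of the client address, is skipped for tokens that look like addresses. That only holds while both guards are evaluated before string_match(tok, eval_hostname(host)), so a one-line comment above the || saying so would keep a later cleanup from reordering the operands and bringing the lookup back for address-only hosts.allow files.
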
diff --git a/contrib/tcp_wrappers/tcpd.h b/contrib/tcp_wrappers/tcpd.h
index 1078073c8e3a..194cde378c1c 100644
--- a/contrib/tcp_wrappers/tcpd.h
+++ b/contrib/tcp_wrappers/tcpd.h
@@ -70,6 +70,7 @@ extern char paranoid[];
 #define	HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
 
 #define	NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
+#define	NOT_INADDR6(s) (strchr(s, ':') == NULL)
 
 /* Global functions. */
 
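Review bot: NOT_INADDR6() treats any token that contains a ':' as IPv6, which is much looser than the strspn() whole-token check NOT_INADDR() does on the line above it. Since ':' is not a valid hostname character this is probably a safe shortcut, but the macro should carry a comment stating that assumption, because a token with a ':' anywhere in it now never reaches the hostname comparison. The name also reads as a double negative against its body (strchr(s, ':') == NULL); a short comment such as "true when s cannot be an IPv6 address/prefix" would make call sites easier to check.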