Date: Tue, 28 May 96 12:13 MET DST
From: gemini@geminix.snafu.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/1273: Bug in rshd
Message-ID: <m0uOLmh-0009ahC@geminix.snafu.de>
Resent-Message-ID: <199605282210.PAA05990@freefall.freebsd.org>
>Number: 1273
>Category: bin
>Synopsis: remote hostname gets corrupted in rshd
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue May 28 15:10:02 PDT 1996
>Last-Modified:
>Originator: Uwe Doering
>Organization:
>Release: FreeBSD 2.1-STABLE i386
>Environment:
>Description:
After rshd looked up the remote host name by calling gethostbyaddr(),
it calls iruserok() which internally calls gethostbyaddr() as well
and therefore corrupts the host name returned by the first call to
this function.
>How-To-Repeat:
From a machine that is neither in /etc/hosts.equiv nor in ~/.rhosts,
`rsh -K' to a host running FreeBSD 2.1R or -stable and look at the
remote host name in the `permission denied' line in /var/log/messages.
It's very likely wrong, corrupted or missing altogether.
>Fix:
Copy the remote host name into a private buffer so that it is
protected from network library functions.
Here's the fix:
--- rshd.c-dist Sat Sep 2 16:40:24 1995
+++ rshd.c Thu May 23 14:04:46 1996
@@ -200,6 +200,7 @@
char *cp, sig, buf[BUFSIZ];
char cmdbuf[NCARGS+1], locuser[16], remuser[16];
char remotehost[2 * MAXHOSTNAMELEN + 1];
+ char rremotehost[2 * MAXHOSTNAMELEN + 1];
#ifdef KERBEROS
AUTH_DAT *kdata = (AUTH_DAT *) NULL;
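Review bot: the new `rremotehost` declaration differs from `remotehost` by a single letter, so the two buffers are easy to mix up in later edits. A name that says what the buffer holds, plus a one-line comment at the declaration on why a second private buffer is needed, would make the intent clear.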
@@ -332,13 +333,13 @@
* address corresponds to the name.
*/
hostname = hp->h_name;
+ strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1);
+ remotehost[sizeof(remotehost) - 1] = 0;
+ errorhost = remotehost;
#ifdef KERBEROS
if (!use_kerberos)
#endif
if (check_all || local_domain(hp->h_name)) {
- strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1);
- remotehost[sizeof(remotehost) - 1] = 0;
- errorhost = remotehost;
hp = gethostbyname(remotehost);
if (hp == NULL) {
syslog(LOG_INFO,
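Review bot: `hostname = hp->h_name;` at the top of this hunk is left unchanged, so `hostname` still points into the resolver's storage while `gethostbyname(remotehost)` runs a few lines later, and it is only copied in the following hunk. Since `remotehost` now always holds a private copy at this point, consider `hostname = remotehost;` here, unless the code between the hunks reassigns `hostname` before it is used.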
@@ -366,8 +367,15 @@
}
}
}
- } else
- errorhost = hostname = inet_ntoa(fromp->sin_addr);
+ strncpy(rremotehost, hostname, sizeof(rremotehost) - 1);
+ rremotehost[sizeof(rremotehost) - 1] = 0;
+ hostname = rremotehost;
+ } else {
+ strncpy(rremotehost, inet_ntoa(fromp->sin_addr),
+ sizeof(rremotehost) - 1);
+ rremotehost[sizeof(rremotehost) - 1] = 0;
+ errorhost = hostname = rremotehost;
+ }
#ifdef KERBEROS
if (use_kerberos) {
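Review bot: the `strncpy` plus explicit terminator sequence now appears three times across the patch, twice in this hunk, with no comment saying why the copies exist. A short comment above them stating that the name must survive later library lookups, as the report describes, and a small helper for the bounded copy would keep each buffer and its `sizeof` argument from drifting apart.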
>Audit-Trail:
>Unformatted:
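The failure mode the report describes, as an added example that is not part of the original message or of rshd: a pointer into a lookup routine's static buffer is kept across a second lookup and then logged. `stub_lookup`, `stub_access_check`, the addresses and the host names are constructed stand-ins (assumptions), not the libc resolver or iruserok().

```c
#include <stdio.h>
#include <string.h>
#define NAMELEN 64

/* Constructed stand-in for a resolver call: like gethostbyaddr(), it
 * returns a pointer into one static buffer that every call reuses. */
static const char *stub_lookup(const char *addr)
{
    static char result[NAMELEN];
    const char *name = strcmp(addr, "192.0.2.10") == 0
        ? "client.example.org" : "other.example.net";
    snprintf(result, sizeof(result), "%s", name);
    return result;
}

/* Constructed stand-in for the access check: it performs its own lookup,
 * which overwrites the static buffer, and then denies access. */
static int stub_access_check(void)
{
    (void)stub_lookup("198.51.100.7");
    return -1;
}

/* Before the fix: the resolver's pointer is kept across the check.
 * Writes the name that would appear in the log line into out. */
void denied_name_unsafe(const char *addr, char *out, size_t outlen)
{
    const char *hostname = stub_lookup(addr);
    if (stub_access_check() != 0)
        snprintf(out, outlen, "%s", hostname);
}

/* After the fix: the name is copied into a private buffer first. */
void denied_name_safe(const char *addr, char *out, size_t outlen)
{
    char private_name[NAMELEN];
    strncpy(private_name, stub_lookup(addr), sizeof(private_name) - 1);
    private_name[sizeof(private_name) - 1] = '\0';
    if (stub_access_check() != 0)
        snprintf(out, outlen, "%s", private_name);
}

int main(void)
{
    char a[NAMELEN], b[NAMELEN];
    denied_name_unsafe("192.0.2.10", a, sizeof(a));
    denied_name_safe("192.0.2.10", b, sizeof(b));
    printf("pointer kept: %s\nprivate copy: %s\n", a, b);
}
```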
