From owner-freebsd-security Sat Jun 2 8: 5:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from light.imasy.or.jp (light.imasy.or.jp [202.227.24.4]) by hub.freebsd.org (Postfix) with ESMTP id 2DDEB37B424; Sat, 2 Jun 2001 08:05:29 -0700 (PDT) (envelope-from ume@mahoroba.org) Received: (from uucp@localhost) by light.imasy.or.jp (8.11.3+3.4W/8.11.3/light/smtpfeed 1.12) with UUCP id f52F5Ix29669; Sun, 3 Jun 2001 00:05:18 +0900 (JST) (envelope-from ume@mahoroba.org) Received: from peace.mahoroba.org (IDENT:tpRDXFKdCSqQiZl9YnoZDQrABCHnxMRSkCslKvY09rKYfnNadvyOgH0leB/m13tc@peace.mahoroba.org [3ffe:505:2:0:200:f8ff:fe05:3eae]) (authenticated as ume with CRAM-MD5) by mail.mahoroba.org (8.11.4/8.11.4/chaos) with ESMTP/inet6 id f52F4xc11143; Sun, 3 Jun 2001 00:04:59 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Sun, 03 Jun 2001 00:04:55 +0900 (JST) Message-Id: <20010603.000455.78786804.ume@mahoroba.org> To: mdavis@cts.com Cc: freebsd-stable@freebsd.org, security@freebsd.org, wollman@FreeBSD.org, gad@FreeBSD.org Subject: Re: lpd: Malformed from address From: Hajimu UMEMOTO In-Reply-To: <000001c0eb56$6d6ae250$241978d8@cts.com> References: <000001c0eb56$6d6ae250$241978d8@cts.com> X-Mailer: xcite1.38> Mew version 1.95b119 on Emacs 20.7 / Mule 4.0 =?iso-2022-jp?B?KBskQjJWMWMbKEIp?= X-PGP-Public-Key: http://www.imasy.org/~ume/publickey.asc X-PGP-Fingerprint: 6B 0C 53 FC 5D D0 37 91 05 D0 B3 EF 36 9B 6A BC X-URL: http://www.imasy.org/~ume/ X-Operating-System: FreeBSD 5.0-CURRENT Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >>>>> On Sat, 2 Jun 2001 04:23:18 -0700 >>>>> "Morgan Davis" said: mdavis> After upgrading two different FreeBSD 4.2 systems to 4.3, they both mdavis> began to exhibit trouble when trying to print to their lpd processes. mdavis> Watching the raw traffic via tcpdump, both are failing immediately when mdavis> lpd tries to resolve the connecting client's address in chkhost(): mdavis> error = getnameinfo(f, f->sa_len, NULL, 0, serv, sizeof(serv), mdavis> NI_NUMERICSERV); mdavis> if (error || atoi(serv) >= IPPORT_RESERVED) mdavis> fatal(0, "Malformed from address"); mdavis> It can be exercised via telnet: mdavis> # telnet golf printer mdavis> Trying 205.163.23.102... mdavis> Connected to golf.cts.com. mdavis> Escape character is '^]'. mdavis> lpd: Malformed from address mdavis> Connection closed by foreign host. mdavis> This happens on both systems, different kernels, one running named and mdavis> one not. What in the world could be causing this? When I ported IPv6 support into FreeBSD from NetBSD, I wrongly brought reserved port checking code into FreeBSD. Originally, FreeBSD's lpd didn't check validity of connection by checking if it comes from reserved port. However, since lpd relies on r-authentication, it should be expected. Though it is easy to get rid of reserved port checking, we should have some considerlation. Any suggestion? -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message