From: Garance A Drosihn
To: "Morgan Davis"
Cc: security@FreeBSD.ORG, wollman@FreeBSD.ORG, Hajimu UMEMOTO,
    freebsd-print@bostonradio.org
Date: Sat, 2 Jun 2001 12:54:55 -0400
Subject: Re: lpd: Malformed from address
In-Reply-To: <000001c0eb56$6d6ae250$241978d8@cts.com>
References: <000001c0eb56$6d6ae250$241978d8@cts.com>
Sender: owner-freebsd-security@FreeBSD.ORG

At 4:23 AM -0700 6/2/01, Morgan Davis wrote:
> > After upgrading two different FreeBSD 4.2 systems to 4.3,
> > they both began to exhibit trouble when trying to print
> > to their lpd processes.
> > Watching the raw traffic via tcpdump, both are failing
> > immediately when lpd tries to resolve the connecting
> > client's address in chkhost():
> >
> >     error = getnameinfo(f, f->sa_len, NULL, 0, serv,
> >                         sizeof(serv), NI_NUMERICSERV);
> >     if (error || atoi(serv) >= IPPORT_RESERVED)
> >         fatal(0, "Malformed from address");

So, both of these systems are being sent print jobs from OTHER
machines, and are refusing to accept those jobs due to the
malformed 'from' address? Does this happen with jobs from all
machines which send to the two print-servers, or only from some
machines?

For the client machines which DO fail, what OS are they running?
Is there any reason those clients would NOT be sending from a
reserved port? In your 'tcpdump' output, what port is the request
coming from?

Also, are the print jobs being sent via IPv4 connections, or IPv6
connections?

In a later message on 6/3/01, Hajimu UMEMOTO wrote:
>When I ported IPv6 support into FreeBSD from NetBSD, I wrongly
>brought reserved port checking code into FreeBSD. Originally,
>FreeBSD's lpd didn't check validity of connection by checking
>if it comes from reserved port.

Hmm. I wonder if this is something that got dropped along the
way somewhere. The lpd I use at RPI *does* check that jobs are
coming from a reserved port, and I am pretty sure I never wrote
that code. That implies that it must have been in whatever
version of lpd that RPI started with (*). But you are right that
freebsd's version before the IPv6 update did not check (or at
least, if the check was there then it did not work correctly).
This is one of the sections of lpd where I haven't tried to
reconcile RPI's code with freebsd's code.

[* - although someone else did work on lpd at RPI before I did,
 so maybe they added this check]

>However, since lpd relies on r-authentication, it should be
>expected. Though it is easy to get rid of reserved port
>checking, we should have some consideration. Any suggestion?

It seems to me that checking for a reserved port is a good thing,
so I want to hear back from Morgan to make sure we know what the
exact problem is. It may be that the idea of doing the check is
correct, but this specific implementation has a bug in it.

[again, note that RPI's print servers have been running for years
 WITH a check for reserved port, and I am not aware of that
 causing any problems. So, I find it curious that the check
 would be causing a problem for Morgan]

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer               or  gad@freebsd.org
Rensselaer Polytechnic Institute        or  drosih@rpi.edu