[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
src/server.c:check_pam_password(): Bad structure for storing peer addres
|
From: |
Petr Pisar |
|
Subject: |
src/server.c:check_pam_password(): Bad structure for storing peer address |
|
Date: |
Thu, 10 Mar 2011 17:45:38 +0100 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hello,
while back-porting PAM_RHOST setting from development CVS tree, I found there
is a bug in retrieving peer address (src/server.c):
static int
check_pam_password (char **username, char *password)
{
int retval, err;
struct pam_conv conv = { cvs_pam_conv, 0 };
char *pam_stage = "start";
struct sockaddr peer;
int len;
char host[NI_MAXHOST];
/* get the client's ip address */
len = sizeof (peer);
if (getpeername (STDIN_FILENO, &peer, &len) < 0)
[...]
/* convert the ip address to text */
if (getnameinfo(&peer, len, host, NI_MAXHOST,
NULL, 0, NI_NUMERICHOST) < 0)
[...]
}
The `peer' variable should be type of `struct sockaddr_storage'. Also the
`len' variable should be type of `socklen_t' to conform Single UNIX
Specification.
You need then to cast the `&peer' variable to `struct sockaddr *' before
passing it to getpeername() and getnameinfo().
Current code has problem when client connects via IPv6. Its address becomes
bigger then struct sockaddr and then getpeername() writes date into
unallocated memory and getnameinfo() reads from uninitialized memory.
The problem is described in Debian bug tracking system
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601253#27).
-- Petr
pgpjigDXiRYUW.pgp
Description: PGP signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- src/server.c:check_pam_password(): Bad structure for storing peer address,
Petr Pisar <=