Gentoo's Bugzilla – Attachment 47051 Details for Bug 75941 – net-misc/hylafax: hfaxd unauthorized login vulnerability
hylafax-hostvuln.patch (text/plain), 2.05 KB, created by Thierry Carrez (RETIRED) on 2004-12-28 12:54:18 UTC
>diff -Nru hylafax-4.2.0.orig/hfaxd/InetFaxServer.c++ hylafax-4.2.0/hfaxd/InetFaxServer.c++ >--- hylafax-4.2.0.orig/hfaxd/InetFaxServer.c++ Mon Dec 27 14:10:09 2004 >+++ hylafax-4.2.0/hfaxd/InetFaxServer.c++ Tue Dec 28 10:49:52 2004 >@@ -177,16 +177,14 @@ > /* > * Check host identity returned by gethostbyaddr to > * weed out clients trying to spoof us (this is mostly >- * a sanity check; it's still trivial to spoof). >- * If the name returned by gethostbyaddr is in our domain, >- * look up the name and check that the peer's address >+ * a sanity check; if they have full control of DNS >+ * they can still spoof) >+ * Look up the name and check that the peer's address > * corresponds to the host name. > */ > bool > InetFaxServer::checkHostIdentity(hostent*& hp) > { >- if (!isLocalDomain(hp->h_name)) // not local, don't check >- return (true); > fxStr name(hp->h_name); // must copy static value > hp = Socket::gethostbyname(name); > if (hp) { >diff -Nru hylafax-4.2.0.orig/hfaxd/User.c++ hylafax-4.2.0/hfaxd/User.c++ >--- hylafax-4.2.0.orig/hfaxd/User.c++ Mon Dec 27 14:10:21 2004 >+++ hylafax-4.2.0/hfaxd/User.c++ Tue Dec 28 11:00:32 2004 
>@@ -136,16 +136,26 @@ > * must supply. The next field is the password that > * must be presented to gain administrative privileges. > * >+ * If the regex is a single word (no @ sign), we take it >+ * as a host only short form for (^[^@]*@<input> >+ * > * If the first character of the <regex> is a ``!'' > * then the line specifies user(s) to disallow; a match > * causes the user to be rejected w/o a password prompt. > * This facility is mainly for backwards compatibility. > */ > char* cp; >+ bool userandhost = false; > for (cp = line; *cp && *cp != ':'; cp++) >- ; >+ if (*cp == '@') userandhost = true; >+ > const char* base = &line[line[0] == '!']; >- RE pat(base, cp-base); >+ fxStr pattern(base, cp-base); >+ if (! userandhost) { >+ pattern.insert("^.*@"); >+ pattern.append("$"); >+ } >+ RE pat(pattern); > if (line[0] == '!') { // disallow access on match > if (pat.Find(dotform) || pat.Find(hostform)) > return (false);
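Review bot: In checkHostIdentity (hfaxd/InetFaxServer.c++), removing the `isLocalDomain(hp->h_name)` early return sends every peer through `Socket::gethostbyname(name)`, and the hunk context stops at `if (hp) {`, so the branch taken when that forward lookup fails is not visible here. Please confirm that path returns false rather than accepting the client, since it is now reachable for any host and not only for names in the local domain. The rewritten comment also loses its sentence-ending period after "they can still spoof)", and if this was the only caller of isLocalDomain the helper can be dropped as well.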
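Review bot: In the hfaxd/User.c++ hunk, the host-only short form is built with `pattern.insert("^.*@")` and `pattern.append("$")` without grouping the original expression, so if the regex syntax in use supports `|`, an entry such as `hosta|hostb` becomes `^.*@hosta|hostb$`, where only the first branch carries the `^.*@` prefix and only the second carries the `$` anchor. Wrapping the entry in parentheses before adding the prefix and suffix would keep both anchors applied to the whole host expression. Host-only entries that already contain their own `^` or `$` end up with an anchor in the middle of the pattern and should be tested against existing hosts files. The new comment gives the short form as `(^[^@]*@<input>`, which has an unbalanced parenthesis and does not match the code (`.*` rather than `[^@]*`, and no trailing `$`); it should describe what the code actually builds.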