Bug 74660
| Summary: | libwrap: The comparison against an IP addres is not stripped down to an ip address. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | James Antill <james.antill> | ||||||
| Component: | net-snmp | Assignee: | Phil Knirsch <pknirsch> | ||||||
| Status: | CLOSED RAWHIDE | QA Contact: | |||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 8.0 | CC: | joerg, marcel, rvokal | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | i386 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2003-08-13 13:49:09 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
The attached patch works for me and also fixes a typo It also applies to current rawhide I also took the freedom to add the buzzword libwrap to the summary is better query results Created attachment 90514 [details]
Sorry, wrong file uploaded
Created attachment 90515 [details]
This time it is for real the proper patch file
to be applied to the extracted src.rpm
Patch included in net-snmp-5.0.8-8 and later. Read ya, Phil |
Description of Problem: On 7.3 having an entry like... snmpd: 63.113.167.33 ...will (asusming hosts.deny has just "ALL : ALL" in it) only allow access from 63.113.167.33 to the snmpd daemon. However on 8.0 it doesn't, and an ltrace gives... fgets("snmpd: 63.113.167.33\n", 2048, 0x08291c40) = 0xbfffdd20 strlen("snmpd: 63.113.167.33\n") = 21 strspn("snmpd: 63.113.167.33\n", " \t\r\n") = 0 strtok(0xbfffdd20, 0x0805010b, 0, 0, 0) = 0xbfffdd20 strcasecmp("snmpd", "EXCEPT") = 14 strncasecmp(0xbfffe614, 0x0804fafa, 7, 0, 0) = 57 strchr("snmpd", '*') = NULL strchr("snmpd", '?') = NULL strcasecmp("snmpd", "ALL") = 18 strcasecmp("snmpd", "KNOWN") = 8 strlen("snmpd") = 5 strcasecmp("snmpd", "snmpd") = 0 strtok(0, 0x0805010b, 0, 0, 0) = 0 strtok(0xbfffdd26, 0x0805010b, 0, 0, 0) = 0xbfffdd27 strcasecmp("63.113.167.33", "EXCEPT") = -47 strcasecmp("63.113.167.33", "KNOWN") = -53 strcasecmp("63.113.167.33", "LOCAL") = -54 strncasecmp(0xbfffe720, 0x0804fafa, 7, 0, 0) = 59 strchr("63.113.167.33", '*') = NULL strchr("63.113.167.33", '?') = NULL strcasecmp("63.113.167.33", "ALL") = -43 strcasecmp("63.113.167.33", "KNOWN") = -53 strlen("63.113.167.33") = 13 strcasecmp("63.113.167.33", "udp:63.113.167.33:32833") = -63 strspn("63.113.167.33", "01234567890./") = 13 strtok(0, 0x0805010b, 0, 0, 0) = 0 ...here you can see that it is comparing against "udp:<ipaddres>:<port> which isn't representable in the hosts.allow file (because ':' is used to seperate fields). Note that this isn't a tcp_wrappers problem, as tcp_wrappers works fine in other applications (see additional info.). Version-Release number of selected component (if applicable): tcp_wrappers-7.6-23 How Reproducible: Always Steps to Reproduce: See above. Actual Results: Expected Results: Additional Information: Also doing .and.org doesn't seem to do the right thing either. Here is the ltrace of the begining of the trace... snmp_get_do_debugging(10, 0xbfffecb0, 0xbfffec30, 0xbfffebb0, 0) = 0 snmp_read(0xbfffecb0, 0xbfffecb0, 0xbfffec30, 0xbfffebb0, 0 <unfinished ...> strcpy(0xbfffe614, "unknown") = 0xbfffe614 getpid() = 1719 sprintf("1719", "%d", 1719) = 4 strncpy(0xbfffe614, "snmpd", 128) = 0xbfffe614 strncpy(0xbfffe6a0, "unknown", 128) = 0xbfffe6a0 strncpy(0xbfffe720, "udp:63.113.167.33:32833", 128) = 0xbfffe720 strncpy(0xbfffe594, "unknown", 128) = 0xbfffe594 ...the third strncpy() is the problem, and is triggered by some code inside snmpd.