#
350345 |
|
26-Jul-2019 |
brooks |
MFC r316803,320033,338277,350098,350100-350101
r316803: tcp_wrappers: Sprinkle some bounds-checked string copying
Reported by: Coverity CIDs: 1006710, 1006804 Sponsored by: Dell EMC Isilon
r320033: TCP Wrappers: tcpdchk (tcp wrapper configuration checker) and tcpdmatch (tcp wrapper oracle) warning fixes via edits to the C code files
contrib/tcp_wrappers/fakelog.c Warnings for each of functions: openlog( ), vsyslog( ), VARARGS( ), closelog( ) warning: type specifier missing, defaults to 'int' [-Wimplicit-int] warning: control reaches end of non-void function [-Wreturn-type] Fixes: Explicitly added specification of function type to void for each function, suppressing both warnings for each function listed contrib/tcp_wrappers/inetcf.c Warnings: warning: incompativle redeclaration of library function 'malloc' note: 'malloc' is a builtin with type 'void *(unsigned long)' warning: implicit declaration of function 'check_path' is invalid in C99 [-Wimplicit-function-declaration] Fixes: Removed redeclaration of malloc on line 21 Included library <stdlib.h> in the code which contains the malloc( ) function in it's library Included scaffold.h header file in the code that contains check-path( ) function contrib/tcp_wrappers/scaffold.c Warnings: warning: implicitly declaring library function 'exit' with type 'void (int) __attribute__((noreturn))' [-Wimplicit-function-declaration] note: include the header <stdlib.h> or explicitly provide a declaration for 'exit' Fixes: Included <stdlib.h> in the code which contains the exit( ) function in it's library contrib/tcp_wrappers/tcpdchk.c Warnings: warning: implicit declaration of function 'getopt' is invalid in C99 [-Wimplicit-function-declaration] warning: implicit declaration of function 'atoi' is invalid in C99 [-Wimplicit-function-declaration] Fixes: Included the specific function <getopt.h> library to the code Included<stdlib.h> to the code which contains the atoi( ) function in the library contrib/tcp_wrappers/tcpdmatch.c Warnings: warning: implicit declaration of function 'getopt' is invalid in C99 [-Wimplicit-function-declaration] Fixes: Included<stdlib.h> to the code which contains the getopt( ) function in the library
Submitted by: Aaron Prieger <aprieger@llnw.com> Reviewed by: vangyzen Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D10995
r338277: Reduce the log level of tcpd_warn calls from ERR to WARNING. This matches the name and avoids logging of warnings to console with default syslog.conf, esp. getting rid of: warning: /etc/hosts.allow, line ..: can't verify hostname: \ getaddrinfo(.., AF_INET) failed
r350098: Use ANSI C function definitions and declerations.
Obtained from: CheriBSD Sponsored by: DARPA, AFRL
r350100: Use headers instead of manual declerations of standard functions and variables.
Obtained from: CheriBSD Sponsored by: DARPA, AFRL
r350101: Remove a duplicate global (rfc931_timeout).
It is declared here and in rfc931.c and unused here so keep that copy and discard this one.
Obtained from: CheriBSD Sponsored by: DARPA, AFRL
|
#
56977 |
|
03-Feb-2000 |
shin |
Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.
Now when tcp_wrapper is enabled by inetd -wW, several accesses which should be permitted are refused only for IPv6, if hostname is used to decide the host to be allowed. IPv6 users will be just upset.
About security related concern. -All extensions are wrapped by #ifdef INET6, so people can completely disable the extension by recompile libwrap without INET6 option. -Access via IPv6 is not enabled by default. People need to enable IPv6 access by changing /etc/inetd.conf at first, by adding tcp6 and/or tcp46 entries. -The base of patches are from KAME package and are actually daily used for more than a year in several Japanese IPv6 environments. -Patches are reviewed by markm.
Approved by: jkh
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org> Reviewed by: markm Obtained from: KAME project
|