rpms/tcp_wrappers/devel tcp_wrappers-7.6-220015.patch, NONE, 1.1 tcp_wrappers.spec, 1.23, 1.24

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Mar 9 10:12:48 UTC 2007 

Author: tjanouse

Update of /cvs/dist/rpms/tcp_wrappers/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13212

Modified Files:
	tcp_wrappers.spec 
Added Files:
	tcp_wrappers-7.6-220015.patch 
Log Message:
* Fri Mar 09 2007 Tomas Janousek <tjanouse at redhat.com> - 7.6-43
- resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with
  IPv4/6


tcp_wrappers-7.6-220015.patch:
 hosts_access.c |   24 ++++++++++++++++++++++--
 socket.c       |   40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 2 deletions(-)

--- NEW FILE tcp_wrappers-7.6-220015.patch ---
--- tcp_wrappers_7.6/hosts_access.c.220015	2007-02-08 15:39:51.000000000 +0100
+++ tcp_wrappers_7.6/hosts_access.c	2007-02-08 15:39:51.000000000 +0100
@@ -312,8 +312,28 @@
     } else if ((mask = split_at(tok, '/')) != 0) {	/* net/mask */
 	return (masked_match(tok, mask, eval_hostaddr(host)));
     } else {					/* anything else */
-	return (string_match(tok, eval_hostaddr(host))
-	    || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host))));
+	int ret;
+	if ((ret = string_match(tok, eval_hostaddr(host))))
+	    return ret;
+
+	if (NOT_INADDR(tok)) {
+	    if ((ret = string_match(tok, eval_hostname(host))))
+		return ret;
+
+	    /* try to resolve the pattern and match the numeric
+	     * addresses */
+	    const char *tok_resolved = sock_resolve(tok, AF_INET);
+	    if (HOSTNAME_KNOWN(tok_resolved))
+		if ((ret = string_match(tok_resolved, eval_hostaddr(host))))
+		    return ret;
+
+	    tok_resolved = sock_resolve(tok, AF_INET6);
+	    if (HOSTNAME_KNOWN(tok_resolved))
+		if ((ret = string_match(tok_resolved, eval_hostaddr(host))))
+		    return ret;
+	}
+
+	return (NO);
     }
 }
 
--- tcp_wrappers_7.6/socket.c.220015	2007-02-08 15:39:51.000000000 +0100
+++ tcp_wrappers_7.6/socket.c	2007-02-08 15:41:38.000000000 +0100
@@ -435,3 +435,43 @@
 
     (void) recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *) & sin, &size);
 }
+
+/* sock_resolve - resolve the hostname to ip and return a string */
+
+const char * sock_resolve(hostname, family)
+const char * hostname;
+int family;
+{
+    static struct host_info h;
+
+    memset(&h, 0, sizeof(h));
+
+    int ret;
+    struct addrinfo hints, *res;
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = family;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_flags = AI_PASSIVE;
+
+    if ((ret = getaddrinfo(hostname, NULL, &hints, &res)) == 0) {
+	h.sin = res->ai_addr;
+	sock_hostaddr(&h);
+	freeaddrinfo(res);
+
+	/* we have to add [] to the ipv6 address, as the string_match funtion
+	 * will do a more correct match then */
+	if (family == AF_INET6) {
+	    int len = strlen(h.addr);
+	    memmove(h.addr + 1, h.addr, len + 1);
+	    h.addr[0] = '[';
+	    h.addr[len + 1] = ']';
+	    h.addr[len + 2] = 0;
+	}
+
+	return h.addr;
+    } else {
+	tcpd_warn("can't get pattern (%s) address: %s", hostname, gai_strerror(ret));
+	return STRING_UNKNOWN;
+    }
+}


Index: tcp_wrappers.spec
===================================================================
RCS file: /cvs/dist/rpms/tcp_wrappers/devel/tcp_wrappers.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- tcp_wrappers.spec	8 Mar 2007 14:41:55 -0000	1.23
+++ tcp_wrappers.spec	9 Mar 2007 10:12:45 -0000	1.24
@@ -1,7 +1,7 @@
 Summary: A security tool which acts as a wrapper for TCP daemons.
 Name: tcp_wrappers
 Version: 7.6
-Release: 42.1%{?dist}
+Release: 43%{?dist}
 
 %define LIB_MAJOR 0
 %define LIB_MINOR 7
@@ -27,6 +27,7 @@
 Patch14: tcp_wrappers-7.6-ldflags.patch
 Patch15: tcp_wrappers-7.6-fix_sig-bug141110.patch
 Patch16: tcp_wrappers-7.6-162412.patch
+Patch17: tcp_wrappers-7.6-220015.patch
 # required by sin_scope_id in ipv6 patch
 BuildRequires: glibc-devel >= 2.2		
 BuildRoot: %{_tmppath}/%{name}-root
@@ -79,6 +80,7 @@
 %patch14 -p1 -b .cflags
 %patch15 -p1 -b .fix_sig
 %patch16 -p1 -b .162412
+%patch17 -p1 -b .220015
 
 %build
 make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux
@@ -135,6 +137,10 @@
 %{_mandir}/man3/*
 
 %changelog
+* Fri Mar 09 2007 Tomas Janousek <tjanouse at redhat.com> - 7.6-43
+- resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with
+  IPv4/6
+
 * Thu Mar 08 2007 Tomas Janousek <tjanouse at redhat.com> - 7.6-42.1
 - moved libwrap.so* to /lib
 - removed the static library libwrap.a

More information about the fedora-cvs-commits mailing list