mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-08 20:26:31 +00:00
tcp_wrappers: recognize IPv6 addresses/prefixes
Intentionally or not, but the libwrap was written in such manner that if your /etc/hosts.allow doesn't have any domain names, neither smart keywords like LOCAL or KNOWN, then it will not try to resolve the client address during the hosts check. This was achieved with the NOT_INADDR() check that matched IPv4 addresses/prefixes. Extend this to also skip resolve if client list token looks like IPv6. Reviewed by: philip, emaste PR: 269456 Differential revision: https://reviews.freebsd.org/D40070
This commit is contained in:
parent
9ff45b8ed8
commit
1d9722de6f
|
@ -315,7 +315,8 @@ static int host_match(char *tok, struct host_info *host)
|
|||
return (masked_match(tok, mask, eval_hostaddr(host)));
|
||||
} else { /* anything else */
|
||||
return (string_match(tok, eval_hostaddr(host))
|
||||
|| (NOT_INADDR(tok) && string_match(tok, eval_hostname(host))));
|
||||
|| (NOT_INADDR(tok) && NOT_INADDR6(tok)
|
||||
&& string_match(tok, eval_hostname(host))));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -70,6 +70,7 @@ extern char paranoid[];
|
|||
#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
|
||||
|
||||
#define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
|
||||
#define NOT_INADDR6(s) (strchr(s, ':') == NULL)
|
||||
|
||||
/* Global functions. */
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user