Subject: bin/6813: uninitialized variable use in portmap/libwrap
To: None <>
From: Matthias Drochner <>
List: netbsd-bugs
Date: 01/15/1999 13:08:47
>Number:         6813
>Category:       bin
>Synopsis:       uninitialized variable use in portmap/libwrap
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jan 15 04:20:01 1999
>Originator:     Matthias Drochner
	KFA Juelich
>Release:        `date`
System: NetBSD zelz26 1.3I NetBSD 1.3I (ZELZ26.UVM) #983: Thu Jan 14 12:10:10 MET 1999 drochner@zelz26:/mnt/sys/arch/i386/compile/ZELZ26.UVM i386

	The check_access() function in portmap.c gets passed the IP address
of the caller and uses it to initialize the libwrap "request".
At this point, the file descriptor is not available; the corresponding
member of "request" is initialized to -1 by request_init().
check_access() calls libwrap's fromhost() then which relies on the
file descriptor. The "-1" leads to syslog output
"portmap[]: warning: can't get client address: Bad file descriptor",
but seems harmless otherwise.

	Run a -current system with standard inetd.conf setup.

	The call to fromhost() seems to be wrong here since the
caller's address is already known.

Index: portmap.c
RCS file: /cvsroot/src/usr.sbin/portmap/portmap.c,v
retrieving revision 1.15
diff -c -r1.15 portmap.c
*** portmap.c	1999/01/13 01:01:26	1.15
--- portmap.c	1999/01/15 11:51:59
*** 660,666 ****
  #ifdef LIBWRAP
  	request_init(&req, RQ_DAEMON, "portmap", RQ_CLIENT_SIN, addr, 0);
- 	fromhost(&req);
  	if(!hosts_access(&req)) {
  		logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
  		return 0;
--- 660,665 ----