>Number:         10321
>Category:       bin
>Synopsis:       rpcbind's security check is broken
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 08 00:52:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.4ZA
>Organization:
	
>Environment:
	
System: NetBSD een.sat.t.u-tokyo.ac.jp 1.4ZA NetBSD 1.4ZA (EEN) #13: Wed Jun 7 14:13:27 JST 2000 iwamoto@een.sat.t.u-tokyo.ac.jp:/usr/src/syssrc/sys/arch/i386/compile/EEN i386


>Description:
	rpcbind(8) says that local TCP/UDP requests are accepted with "-L",
	but this does not happen because of a coding mistake.

>How-To-Repeat:
	Try to run old rpc programs without installing new libc.so.

>Fix:
	Apply the following patch.

cvs diff: Diffing usr.sbin/rpcbind
Index: usr.sbin/rpcbind/security.c
===================================================================
RCS file: /public/dpt/NetBSD/NetBSD-CVS/basesrc/usr.sbin/rpcbind/security.c,v
retrieving revision 1.3
diff -u -r1.3 security.c
--- usr.sbin/rpcbind/security.c 2000/06/04 12:06:44     1.3
+++ usr.sbin/rpcbind/security.c 2000/06/07 05:19:46
@@ -134,14 +134,14 @@
                        return 0;
                sin = (struct sockaddr_in *)addr;
                return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) &&
-                   (sin->sin_port < IPPORT_RESERVED));
+                   (ntohs(sin->sin_port) < IPPORT_RESERVED));
 #ifdef INET6
        case AF_INET6:
                if (!oldstyle_local)
                        return 0;
                sin6 = (struct sockaddr_in6 *)addr;
                return (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
-                   (sin6->sin6_port < IPPORT_RESERVED));
+                   (ntohs(sin6->sin6_port) < IPPORT_RESERVED));
 #endif
        case AF_LOCAL:
                return 1;
>Release-Note:
>Audit-Trail:
>Unformatted: