Subject: lib/30402: libwrap access control does not work when RBL is used
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yu@installer.org>
List: netbsd-bugs
Date: 06/02/2005 12:47:00
>Number:         30402
>Category:       lib
>Synopsis:       libwrap access control does not work when RBL is used
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 02 12:47:00 +0000 2005
>Originator:     IMAMURA Tomoaki
>Release:        NetBSD 3.99.3
>Organization:
installer.org
>Environment:
	
	
System: NetBSD stardust.readme.jp 3.99.3 NetBSD 3.99.3 (GENERIC) #0: Sun May 15 12:49:15 JST 2005 root@stardust.readme.jp:/usr/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
libwrap's RBL support ("{RBL}.domain" specification) makes wrong DNS queries.
To check whether "aaa.bbb.ccc.ddd" is in "rbl.example.org", we have to build
the query:
  1. reverse the IP address part (to "ddd.ccc.bbb.aaa")
  2. append the RBL domain part (".rbl.example.org")
In the current source, step 1 is forgotten, and the query becomes
"aaa.bbb.ccc.ddd.rbl.example.org".  So access restrictions do not work adequately.

	
>How-To-Repeat:
	
>Fix:
	
--- hosts_access.c	26 Dec 2002 12:53:59 -0000	1.17
+++ hosts_access.c	2 Jun 2005 11:45:31 -0000
@@ -327,10 +327,10 @@
 	/* NOTREACHED */
     }
     snprintf(rbl_name, len, "%u.%u.%u.%u.%s",
-	    (unsigned int) ((host_address) & 0xff),
-	    (unsigned int) ((host_address >> 8) & 0xff),
-	    (unsigned int) ((host_address >> 16) & 0xff),
 	    (unsigned int) ((host_address >> 24) & 0xff),
+	    (unsigned int) ((host_address >> 16) & 0xff),
+	    (unsigned int) ((host_address >> 8) & 0xff),
+	    (unsigned int) ((host_address) & 0xff),
 	    rbl_domain);
     /* look it up */
     if (gethostbyname(rbl_name) != NULL) {
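
Review bot: the reordered `(host_address >> N) & 0xff` arguments to snprintf still depend on the byte order of host_address, and the hunk does not show how that value is obtained. If it holds a network-byte-order address (as inet_addr() returns), `& 0xff` is the first octet on a little-endian host and the last octet on a big-endian one, so the new order yields ddd.ccc.bbb.aaa on the i386 machine from the report but aaa.bbb.ccc.ddd on a big-endian port, where the old order was the correct one. Suggest converting once with ntohl(host_address) and then emitting the octets from `& 0xff` up to `>> 24`, or indexing the four bytes through an unsigned char pointer, so the query name is the same on every architecture.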

>Unformatted:
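
The two query-building steps from the description, as an added example that is not part of the original report or of libwrap: `rbl_query_name()` is a hypothetical helper, and the address and RBL domain are constructed sample values. It indexes the octets of the network-order address instead of shifting, so the result does not depend on the CPU's byte order.

```c
/* Added example: build the RBL query name for an IPv4 address.
 * rbl_query_name() is a hypothetical helper, not a libwrap function. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Returns 0 on success, -1 on a bad address or a too-small buffer. */
int rbl_query_name(const char *addr, const char *rbl_domain,
                   char *out, size_t outlen)
{
    struct in_addr in;
    unsigned char o[4];
    int n;

    /* Accept only a full dotted quad; reject anything else. */
    if (inet_pton(AF_INET, addr, &in) != 1)
        return -1;

    /* s_addr is in network byte order, so its bytes in memory are always
     * aaa, bbb, ccc, ddd on any CPU. Index them instead of shifting. */
    memcpy(o, &in.s_addr, sizeof(o));

    /* Step 1: reversed octets. Step 2: append the RBL domain. */
    n = snprintf(out, outlen, "%u.%u.%u.%u.%s",
                 (unsigned int)o[3], (unsigned int)o[2],
                 (unsigned int)o[1], (unsigned int)o[0], rbl_domain);

    /* A truncated name would query a different zone, so fail instead. */
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    char name[256];

    /* 192.0.2.99 is a constructed sample from the documentation range. */
    if (rbl_query_name("192.0.2.99", "rbl.example.org",
                       name, sizeof(name)) == 0)
        puts(name);
    return 0;
}
```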