Re: CVS commit: src/lib/libwrap

[Gary Duzan <gary%duzan.org@localhost>]

In Message <20021226125359.2A213B42C%cvs.netbsd.org@localhost> ,
   Luke Mewburn <lukem%netbsd.org@localhost> wrote:

=>
=>Module Name:  src
=>Committed By: lukem
=>Date:         Thu Dec 26 12:53:59 UTC 2002
=>
=>Modified Files:
=>      src/lib/libwrap: hosts_access.c
=>
=>Log Message:
=>If we're going to replace strtok() with strtok_r(), and the caller of the
=>latter is invoked recursively, use static (instead of automatic) storage
=>for the "last" pointer so that we remember where we're up to ...

   Hmm. Doesn't this make libwrap itself less reentrant?

=>Fixes bug with hosts.deny rules such as "rpcbind: ALL EXCEPT some.domain".

   How about something like the attached, instead?

                                        Gary Duzan


Index: hosts_access.c
===================================================================
RCS file: /cvsroot/src/lib/libwrap/hosts_access.c,v
retrieving revision 1.17
diff -u -r1.17 hosts_access.c
--- hosts_access.c      2002/12/26 12:53:59     1.17
+++ hosts_access.c      2002/12/26 13:22:34
@@ -86,7 +86,7 @@
 
 static int table_match __P((char *, struct request_info *));
 static int list_match __P((char *, struct request_info *,
-    int (*)(char *, struct request_info *)));
+    int (*)(char *, struct request_info *), char **));
 static int server_match __P((char *, struct request_info *));
 static int client_match __P((char *, struct request_info *));
 static int host_match __P((char *, struct host_info *));
@@ -148,6 +148,7 @@
     char   *sh_cmd = NULL;             /* becomes optional shell command */
     int     match = NO;
     struct tcpd_context saved_context;
+    char   *match_last = NULL;
 
     saved_context = tcpd_context;              /* stupid compilers */
 
@@ -171,8 +172,8 @@
                continue;
            }
            sh_cmd = split_at(cl_list, ':');
-           match = list_match(sv_list, request, server_match)
-               && list_match(cl_list, request, client_match);
+           match = list_match(sv_list, request, server_match, &match_last)
+               && list_match(cl_list, request, client_match, &match_last);
        }
        (void) fclose(fp);
     } else if (errno != ENOENT) {
@@ -197,13 +198,13 @@
 
 /* list_match - match a request against a list of patterns with exceptions */
 
-static int list_match(list, request, match_fn)
+static int list_match(list, request, match_fn, match_last)
 char   *list;
 struct request_info *request;
 int   (*match_fn) __P((char *, struct request_info *));
+char **match_last;
 {
     char   *tok;
-    static char *last;
     int l;
 
     /*
@@ -213,8 +214,8 @@
      * the match is affected by any exceptions.
      */
 
-    for (tok = strtok_r(list, sep, &last); tok != 0;
-      tok = strtok_r(NULL, sep, &last)) {
+    for (tok = strtok_r(list, sep, match_last); tok != 0;
+      tok = strtok_r(NULL, sep, match_last)) {
        if (STR_EQ(tok, "EXCEPT"))              /* EXCEPT: give up */
            return (NO);
        l = strlen(tok);
@@ -223,9 +224,11 @@
            tok++;
        }
        if (match_fn(tok, request)) {           /* YES: look for exceptions */
-           while ((tok = strtok_r(NULL, sep, &last)) && STR_NE(tok, "EXCEPT"))
+           while ((tok = strtok_r(NULL, sep, match_last))
+               && STR_NE(tok, "EXCEPT"))
                 /* VOID */ ;
-           return (tok == 0 || list_match(NULL, request, match_fn) == 0);
+           return (tok == 0
+               || list_match(NULL, request, match_fn, match_last) == 0);
        }
     }
     return (NO);