netbsd-bugs: bin/5310: pppd does gethostbyname on '*' if allowed peer address is wildcarded

Subject: bin/5310: pppd does gethostbyname on '*' if allowed peer address is wildcarded
To: None <gnats-bugs@gnats.netbsd.org>
From: Dave Huang <khym@bga.com>
List: netbsd-bugs
Date: 04/17/1998 16:27:33

>Number:         5310
>Category:       bin
>Synopsis:       pppd does gethostbyname on '*' if allowed peer address is wildcarded
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 17 14:35:00 1998
>Last-Modified:
>Originator:     Dave Huang
>Organization:
Name: Dave Huang     |   Mammal, mammal / their names are called /
INet: khym@bga.com   |   they raise a paw / the bat, the cat /
FurryMUCK: Dahan     |   dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 22 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
>Release:        NetBSD-current as of April 17, 1998
>Environment:
	
System: NetBSD dahan.metonymy.com 1.3E NetBSD 1.3E (SPIFF) #211: Fri Apr 17 05:41:18 CDT 1998 khym@dahan.metonymy.com:/usr/src.local/sys/arch/i386/compile/SPIFF i386


>Description:
	The pppd manpage has the following explanation of the
pap-secrets and chap-secrets files:

     Any following words on  the same line are  taken to be a  list of
     acceptable IP   addresses for that  client. If  there  are only 3
     words on  the line,  or if  the first  word is  "-",  then all IP
     addresses are disallowed. To allow any address, use "*".

This works fine, except if the acceptable IP address field is "*", pppd
will still do a gethostbyname on it, thinking it may be a hostname. The
DNS query may unneccesarily bring up a demand-dial connection to the
Internet, which is rather annoying :)

>How-To-Repeat:
	My router machine has a demand-dial ppp connection to my ISP,
and another ppp connection to my laptop. The pap-secrets line for the
laptop is:

khym * "" *

Whenever the laptop establishes the ppp connection, the router'll bring
up the connection to the internet to do the DNS lookup for "*".

>Fix:
--- /usr/src/usr.sbin/pppd/pppd/auth.c	Mon Sep 29 06:32:38 1997
+++ auth.c	Mon Sep 29 15:14:44 1997
@@ -1066,7 +1066,7 @@
 	u_int32_t a;
 	struct hostent *hp;
 
-	if (wo->hisaddr == 0 && *p != '!' && *p != '-'
+	if (wo->hisaddr == 0 && *p != '!' && *p != '-' && *p != '*'
 	    && strchr(p, '/') == NULL) {
 	    hp = gethostbyname(p);
 	    if (hp != NULL && hp->h_addrtype == AF_INET)

>Audit-Trail:
>Unformatted: