Subject: bin/9555: portmap logs too much when run without "-l"
To: None <gnats-bugs@gnats.netbsd.org>
From: None <boquist@crt.se>
List: netbsd-bugs
Date: 03/06/2000 03:45:38
>Number:         9555
>Category:       bin
>Synopsis:       portmap does libwrap logging even without "-l" flag
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar  6 03:42:01 2000
>Last-Modified:
>Originator:     Urban Boquist
>Organization:
Carlstedt Research & Technology AB, Sweden
>Release:        NetBSD-current 2000-03-06
>Environment:
	
System: NetBSD iller 1.4T NetBSD 1.4T (ILLER-$Revision: 1.9 $) #0: Wed Mar 1 22:03:52 CET 2000 root@iller:/usr/src/sys/arch/i386/compile/ILLER i386


>Description:
All calls to "logit()" in portmap.c are protected by an "if (verboselog)"
except one. This missing conditional results in excessive logging in
certain situations.

>How-To-Repeat:
Use /etc/hosts.{allow,deny} and run portmap without the "-l"
flag. Then hook into a LAN where many hosts run ypbind in broadcast
mode, hosts that are unauthorized according to
/etc/hosts.{allow,deny}. Watch your console get totally swamped with
portmap messages.

>Fix:
Index: portmap.c
===================================================================
RCS file: /cvsroot/basesrc/usr.sbin/portmap/portmap.c,v
retrieving revision 1.23
diff -u -r1.23 portmap.c
--- portmap.c	2000/01/27 16:28:32	1.23
+++ portmap.c	2000/03/06 11:21:13
@@ -693,7 +693,9 @@
 	request_init(&req, RQ_DAEMON, "portmap", RQ_CLIENT_SIN, addr, 0);
 	sock_methods(&req);
 	if(!hosts_access(&req)) {
-		logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
+		if (verboselog)
+			logit(deny_severity, addr, proc, prog,
+			      ": request from unauthorized host");
 		return 0;
 	}
 #endif
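Review bot: In the `if(!hosts_access(&req))` branch, putting the `logit(deny_severity, ...)` call behind `if (verboselog)` means that without "-l" a request rejected by the hosts.allow/hosts.deny check now hits `return 0` with no record at all, so the access-control denials vanish from the log together with the noise. Consider keeping a reduced record in the non-verbose case, such as a rate-limited line per source address or a periodic count of denied requests, rather than dropping the event outright. If the silent behaviour is intended, the documentation for "-l" should say that libwrap denials are only logged when it is set. Minor: the new inner `if` wraps a two-line call without braces; adding them would make the nesting under the outer `if` clearer.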
>Audit-Trail:
>Unformatted: