Subject: bin/9555: portmap logs too much when run without "-l"
To: None <gnats-bugs@gnats.netbsd.org>
From: None <boquist@crt.se>
List: netbsd-bugs
Date: 03/06/2000 03:45:38
>Number: 9555
>Category: bin
>Synopsis: portmap does libwrap logging even without "-l" flag
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Mar 6 03:42:01 2000
>Last-Modified:
>Originator: Urban Boquist
>Organization:
Carlstedt Research & Technology AB, Sweden
>Release: NetBSD-current 2000-03-06
>Environment:
System: NetBSD iller 1.4T NetBSD 1.4T (ILLER-$Revision: 1.9 $) #0: Wed Mar 1 22:03:52 CET 2000 root@iller:/usr/src/sys/arch/i386/compile/ILLER i386
>Description:
All calls to "logit()" in portmap.c are protected by an "if (verboselog)"
except one. This missing conditional results in excessive logging in
certain situations.
>How-To-Repeat:
Use /etc/hosts.{allow,deny} and run portmap without the "-l"
flag. Then hook into a LAN where many hosts run ypbind in broadcast
mode, hosts that are unauthorized according to
/etc/hosts.{allow,deny}. Watch your console get totally swamped with
portmap messages.
>Fix:
Index: portmap.c
===================================================================
RCS file: /cvsroot/basesrc/usr.sbin/portmap/portmap.c,v
retrieving revision 1.23
diff -u -r1.23 portmap.c
--- portmap.c 2000/01/27 16:28:32 1.23
+++ portmap.c 2000/03/06 11:21:13
@@ -693,7 +693,9 @@
request_init(&req, RQ_DAEMON, "portmap", RQ_CLIENT_SIN, addr, 0);
sock_methods(&req);
if(!hosts_access(&req)) {
- logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
+ if (verboselog)
+ logit(deny_severity, addr, proc, prog,
+ ": request from unauthorized host");
return 0;
}
#endif
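Review bot: in the `if(!hosts_access(&req))` branch, guarding the `logit(deny_severity, ...)` call with `if (verboselog)` means a request refused by /etc/hosts.{allow,deny} leaves no log record at all unless portmap is started with "-l". That refusal is the access-control decision in this path, so the change should either come with a manual page note saying "-l" is required to see refused hosts, or keep the message and limit its rate rather than drop it outright. As a style point, the guarded call now spans two lines with no braces; adding braces around it would make it obvious that `return 0;` stays outside the `verboselog` test.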
>Audit-Trail:
>Unformatted: