[src/netbsd-1-4]: src/usr.sbin/amd/amd pull up rev 1.11 from trunk (requested...

[cgd <cgd%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/3ea32e672961
branches:  netbsd-1-4
changeset: 469425:3ea32e672961
user:      cgd <cgd%NetBSD.org@localhost>
date:      Tue Sep 21 04:54:54 1999 +0000

description:
pull up rev 1.11 from trunk (requested by christos):
  Upgrade amd(8) and related software to fix expoitable stack overflows
  in amq(8), as reported in BUGTRAQ and elsewhere.

diffstat:

 usr.sbin/amd/amd/amq_subr.c |  41 ++++++++++++++++++++---------------------
 1 files changed, 20 insertions(+), 21 deletions(-)

diffs (78 lines):

diff -r 700e644e46ce -r 3ea32e672961 usr.sbin/amd/amd/amq_subr.c
--- a/usr.sbin/amd/amd/amq_subr.c       Tue Sep 21 04:54:40 1999 +0000
+++ b/usr.sbin/amd/amd/amq_subr.c       Tue Sep 21 04:54:54 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: amq_subr.c,v 1.10 1999/02/01 19:05:09 christos Exp $   */
+/*     $NetBSD: amq_subr.c,v 1.10.2.1 1999/09/21 04:54:54 cgd Exp $    */
 
 /*
  * Copyright (c) 1997-1999 Erez Zadok
@@ -40,7 +40,7 @@
  *
  *      %W% (Berkeley) %G%
  *
- * Id: amq_subr.c,v 1.3 1999/01/10 21:53:43 ezk Exp 
+ * Id: amq_subr.c,v 1.5 1999/08/24 21:31:06 ezk Exp 
  *
  */
 /*
@@ -189,7 +189,7 @@
     return(0);                 /* assume security is therefore not OK */
   }
 
-  if (ntohs(sin->sin_port) >= 1024 ||
+  if (ntohs(sin->sin_port) >= IPPORT_RESERVED ||
       !(sin->sin_addr.s_addr == htonl(0x7f000001) ||
        sin->sin_addr.s_addr == myipaddr.s_addr)) {
     char dq[20];
@@ -206,11 +206,24 @@
 int *
 amqproc_mount_1_svc(voidp argp, struct svc_req *rqstp)
 {
-  static int rc;
-  char *s = *(amq_string *) argp;
+  static int rc = EINVAL;
+  char s[AMQ_STRLEN];
   char *cp;
+  char dq[20];
+  struct sockaddr_in *sin;
 
-  plog(XLOG_INFO, "amq requested mount of %s", s);
+  if ((sin = amu_svc_getcaller(rqstp->rq_xprt)) == NULL) {
+    plog(XLOG_ERROR, "amu_svc_getcaller returned NULL");
+    return &rc;
+  }
+
+  strncpy(s, *(amq_string *) argp, AMQ_STRLEN-1);
+  s[AMQ_STRLEN-1] = '\0';      /* null terminate, to be sure */
+  plog(XLOG_ERROR,
+       "amq requested mount of %s from %s.%d",
+       s, inet_dquad(dq, sin->sin_addr.s_addr),
+       ntohs(sin->sin_port));
+
   /*
    * Minimalist security check.
    */
@@ -242,21 +255,7 @@
     return 0;
   return &rc;
 }
-
-#else /* not ENABLE_AMQ_MOUNT */
-
-int *
-amqproc_mount_1_svc(voidp argp, struct svc_req *rqstp)
-{
-  static int rc;
-  char *s = *(amq_string *) argp;
-
-  plog(XLOG_ERROR, "amq requested mount of %s, but code is disabled", s);
-
-  rc = EINVAL;
-  return &rc;
-}
-#endif /* not ENABLE_AMQ_MOUNT */
+#endif /* ENABLE_AMQ_MOUNT */
 
 
 amq_string *