blacklist: Allow blacklist_sa to work with an invalid fd

fd -1 is invalid, so don't query it for protocol, port or address.

fd is supposed to represent how the client is connected, but if we are
parsing route(4) messages or log files then there is no client connection
to interrogate.
roy 2020-03-11 02:12:08 +00:00
parent 8dcd5a32c9
commit dbbcb133c0
3 changed files with 37 additions and 24 deletions


@ -1,4 +1,4 @@
/* $NetBSD: blacklistd.c,v 1.40 2020/03/10 13:36:07 roy Exp $ */
/* $NetBSD: blacklistd.c,v 1.41 2020/03/11 02:12:08 roy Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@ -32,7 +32,7 @@
#include "config.h"
#endif
#include <sys/cdefs.h>
__RCSID("$NetBSD: blacklistd.c,v 1.40 2020/03/10 13:36:07 roy Exp $");
__RCSID("$NetBSD: blacklistd.c,v 1.41 2020/03/11 02:12:08 roy Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@ -119,12 +119,14 @@ getremoteaddress(bl_info_t *bi, struct sockaddr_storage *rss, socklen_t *rsl)
*rsl = sizeof(*rss);
memset(rss, 0, *rsl);
if (getpeername(bi->bi_fd, (void *)rss, rsl) != -1)
return 0;
if (bi->bi_fd != -1) {
if (getpeername(bi->bi_fd, (void *)rss, rsl) != -1)
return 0;
if (errno != ENOTCONN) {
(*lfun)(LOG_ERR, "getpeername failed (%m)");
return -1;
if (errno != ENOTCONN) {
(*lfun)(LOG_ERR, "getpeername failed (%m)");
return -1;
}
}
if (bi->bi_slen == 0) {
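Review bot: The new `bi->bi_fd != -1` guard leaves the fd == -1 case undocumented: the function then falls through to the `bi->bi_slen == 0` check with rss still zeroed, so the remote address must come entirely from bi_ss/bi_slen, and a reader has to reconstruct why that is acceptable. A comment on the guard, `/* bi_fd == -1: no client socket (route(4) or log-file source); the address must be supplied in bi_ss */`, would make the intent explicit. If bi_slen is later used as the length of a copy into rss, it should be bounded by `*rsl` first, since bi_slen presumably arrives in the received message rather than from a local socket; that part of getremoteaddress, and the rest of its body, is outside the hunk.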


@ -1,4 +1,4 @@
/* $NetBSD: conf.c,v 1.26 2020/03/10 13:36:07 roy Exp $ */
/* $NetBSD: conf.c,v 1.27 2020/03/11 02:12:08 roy Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
__RCSID("$NetBSD: conf.c,v 1.26 2020/03/10 13:36:07 roy Exp $");
__RCSID("$NetBSD: conf.c,v 1.27 2020/03/11 02:12:08 roy Exp $");
#include <stdio.h>
#ifdef HAVE_LIBUTIL_H
@ -1009,6 +1009,14 @@ conf_find(int fd, uid_t uid, const struct sockaddr_storage *rss,
char buf[BUFSIZ];
memset(cr, 0, sizeof(*cr));
if (fd == -1) {
cr->c_proto = FSTAR;
cr->c_port = FSTAR;
memcpy(&lss, rss, sizeof(lss));
goto done_fd;
}
slen = sizeof(lss);
memset(&lss, 0, slen);
if (getsockname(fd, (void *)&lss, &slen) == -1) {
@ -1051,6 +1059,7 @@ conf_find(int fd, uid_t uid, const struct sockaddr_storage *rss,
return NULL;
}
done_fd:
cr->c_ss = lss;
cr->c_lmask = FSTAR;
cr->c_uid = (int)uid;
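Review bot: The `fd == -1` branch substitutes the remote address for the local one without saying so: `memcpy(&lss, rss, sizeof(lss))` followed by the jump to `done_fd:` means `cr->c_ss = lss` stores the peer address where the getsockname() path stores the listening address, so rules for route(4)/log sources are presumably matched against the peer rather than the local socket. A comment such as `/* No socket to query: match the rule's address field against the remote address */` would document that choice. The jump also skips `slen = sizeof(lss)`; if anything after `done_fd:` reads slen, it is uninitialized on this path, which is worth checking since conf_find continues past the hunk. `lss = *rss;` would be the plainer form of the copy and matches the struct assignment already used at `done_fd`.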


@ -1,4 +1,4 @@
/* $NetBSD: bl.c,v 1.29 2020/03/10 13:36:08 roy Exp $ */
/* $NetBSD: bl.c,v 1.30 2020/03/11 02:12:08 roy Exp $ */
/*-
* Copyright (c) 2014 The NetBSD Foundation, Inc.
@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
__RCSID("$NetBSD: bl.c,v 1.29 2020/03/10 13:36:08 roy Exp $");
__RCSID("$NetBSD: bl.c,v 1.30 2020/03/11 02:12:08 roy Exp $");
#include <sys/param.h>
#include <sys/types.h>
@ -384,7 +384,6 @@ bl_send(bl_t b, bl_type_t e, int pfd, const struct sockaddr *sa,
if (bl_getsock(b, &ub.bl.bl_ss, sa, slen, ctx) == -1)
return -1;
ub.bl.bl_salen = slen;
memcpy(ub.bl.bl_data, ctx, ctxlen);
@ -394,15 +393,17 @@ bl_send(bl_t b, bl_type_t e, int pfd, const struct sockaddr *sa,
msg.msg_iovlen = 1;
msg.msg_flags = 0;
msg.msg_control = ua.ctrl;
msg.msg_controllen = sizeof(ua.ctrl);
if (pfd != -1) {
msg.msg_control = ua.ctrl;
msg.msg_controllen = sizeof(ua.ctrl);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
memcpy(CMSG_DATA(cmsg), &pfd, sizeof(pfd));
memcpy(CMSG_DATA(cmsg), &pfd, sizeof(pfd));
}
tried = 0;
again:
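Review bot: When `pfd == -1`, nothing in the new code assigns `msg.msg_control` or `msg.msg_controllen`; the formerly unconditional assignments were moved inside the `if (pfd != -1)` block, so unless `msg` is zero-initialized earlier in bl_send (not visible here), sendmsg() is handed an indeterminate control pointer and length. Adding `} else { msg.msg_control = NULL; msg.msg_controllen = 0; }` after the block makes the no-fd path well-defined regardless of how msg was set up. The fields assigned just above (`msg_iovlen`, `msg_flags`) are set one by one, which suggests there is no prior memset. bl_send's body starts and ends outside the hunk.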
@ -494,14 +495,15 @@ bl_recv(bl_t b)
}
if (got != (GOT_CRED|GOT_FD)) {
bl_log(b->b_fun, LOG_ERR, "message missing %s %s",
if (!(got & GOT_FD))
bi->bi_fd = -1;
#if GOT_CRED != 0
(got & GOT_CRED) == 0 ? "cred" :
#endif
"", (got & GOT_FD) == 0 ? "fd" : "");
if (!(got & GOT_CRED)) {
bl_log(b->b_fun, LOG_ERR, "message missing cred");
return NULL;
}
#endif
if ((size_t)rlen <= sizeof(ub.bl)) {
bl_log(b->b_fun, LOG_ERR, "message too short %zd", rlen);