Hello,

while back-porting the PAM_RHOST setting from the development CVS tree, I found there is a bug in retrieving the peer address (src/server.c):

    static int
    check_pam_password (char **username, char *password)
    {
        int retval, err;
        struct pam_conv conv = { cvs_pam_conv, 0 };
        char *pam_stage = "start";
        struct sockaddr peer;
        int len;
        char host[NI_MAXHOST];

        /* get the client's ip address */
        len = sizeof (peer);
        if (getpeername (STDIN_FILENO, &peer, &len) < 0)
        [...]

        /* convert the ip address to text */
        if (getnameinfo(&peer, len, host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST) < 0)
        [...]
    }

The `peer' variable should be of type `struct sockaddr_storage'. Also, the `len' variable should be of type `socklen_t' to conform to the Single UNIX Specification. You then need to cast the `&peer' variable to `struct sockaddr *' before passing it to getpeername() and getnameinfo().

The current code has a problem when a client connects via IPv6. Its address becomes bigger than struct sockaddr, and then getpeername() writes data into unallocated memory and getnameinfo() reads from uninitialized memory.

The problem is described in the Debian bug tracking system (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601253#27).

-- 
Petr
_______________________________________________
Bug-cvs mailing list
Bug-cvs@nongnu.org
http://lists.nongnu.org/mailman/listinfo/bug-cvs