Hi,
At 13.14 20/07/2006, Gennadiy Tsarenkov wrote:
> Hi all,
> I've tried to build squid under Windows environment
> and found out that a fix is necessary.
> Namely,
> 1) when copying MAC address to the arpReq using memcpy
> the attribute dwPhysAddrLen is incorrectly accessed
> (i.e. NetTable[i].table->dwPhysAddrLen).
> The correct line should be
>     memcpy(arpReq.arp_ha.sa_data,
>            NetTable->table[i].bPhysAddr,
>            NetTable->table[i].dwPhysAddrLen);
> This also protects this function from attacks.

Yes, correct.

> 2) ARP is checked against cached entries under Windows
> environment. If the ARP entry is not found in cache
> then the undefined value is contained in
> arpReq.arp_ha. This may lead to granting access or
> deny rule incorrectly (very unlikely, but possible). It
> would be nice, if it will be initialized with zeros
> before lookup cycle.
>     memset(&arpReq.arp_ha, 0, sizeof(arpReq.arp_ha));

Sure, now it's done like other platforms.

> 3) I would suggest even to extend this
> functionality in such a way that if address is not
> found in cache, then SendARP function is executed.

It could be a good suggestion, but there are some bad side effects:
If all acl defined clients are on-line, this is good, but for every
switched off client defined in an arp acl, we will send an arp
request and wait for a response, very bad .....

> 4) For Windows under cygwin there is still a need to
> add -lresolv when linking with --disable-internal-dns.

I will check this.
Thanks for your suggestions.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/
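
Added example (not part of the thread and not Squid's own code): a self-contained C sketch of the lookup discussed in points 1 and 2, with the result cleared before the loop and the row array indexed as NetTable->table[i]. The struct definitions, sample data, function names and the extra length check are assumptions made for illustration; only table, bPhysAddr, dwPhysAddrLen, arp_ha and sa_data come from the message.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the Windows ARP cache types and struct arpreq,
 * so the sketch builds on any platform (hypothetical names). */
struct net_row   { uint32_t dwPhysAddrLen; uint8_t bPhysAddr[8]; uint32_t dwAddr; };
struct net_table { uint32_t dwNumEntries; struct net_row table[4]; };
struct hw_addr   { unsigned short sa_family; char sa_data[14]; };
struct arp_req   { struct hw_addr arp_ha; };

/* Constructed sample cache: 192.0.2.10 with a 6-byte MAC, and
 * 192.0.2.11 with a deliberately oversized length field. */
const struct net_table SAMPLE_TABLE = { 2, {
    { 6,  {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}, 0xC000020AU },
    { 64, {0},                                  0xC000020BU } } };
const uint8_t SAMPLE_MAC[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
const uint8_t ZERO_MAC[6]   = {0};

/* Returns 1 and fills req->arp_ha when ip is cached, 0 on a miss. */
int arp_cache_lookup(const struct net_table *NetTable, uint32_t ip,
                     struct arp_req *req)
{
    uint32_t i;
    /* Point 2: clear the result first so a miss never leaves stale bytes. */
    memset(&req->arp_ha, 0, sizeof(req->arp_ha));
    for (i = 0; i < NetTable->dwNumEntries; i++) {
        /* Point 1: index the row array, not the table pointer. */
        const struct net_row *row = &NetTable->table[i];
        size_t len = row->dwPhysAddrLen;
        if (row->dwAddr != ip)
            continue;
        /* Extra check (assumption, not in the thread): treat an empty or
         * oversized length as a miss instead of copying out of bounds. */
        if (len == 0 || len > sizeof(row->bPhysAddr) ||
            len > sizeof(req->arp_ha.sa_data))
            return 0;
        memcpy(req->arp_ha.sa_data, row->bPhysAddr, len);
        return 1;
    }
    return 0;
}

/* The ACL decision requires a successful lookup, so a zeroed address from
 * a miss can never compare equal to a configured MAC. */
int arp_acl_match(const struct net_table *t, uint32_t ip, const uint8_t mac[6])
{
    struct arp_req req;
    return arp_cache_lookup(t, ip, &req) &&
           memcmp(req.arp_ha.sa_data, mac, 6) == 0;
}
```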