mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-12 09:58:36 +00:00
Code Issues Releases Activity

Add a couple of reserved port checks: don't talk to either ypserv

Browse Source 
or rpc.ypxfrd processes on remote systems that aren't bound to reserved
ports. The servers already do reserved port checks on the clients.

Obtained from: scrutinizing the OpenBSD ypxfr sources. (Note that this
applies to the ypserv check only; OpenBSD doesn't have an rpc.ypxfrd.)
This commit is contained in:
Bill Paul 1996-10-20 19:52:53 +00:00
parent bd7ea4dcfc
commit 2c33b20a87
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=19065
1 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
libexec/ypxfr/ypxfr_main.c
View File

@ -29,7 +29,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: ypxfr_main.c,v 1.17 1996/06/03 03:11:39 wpaul Exp $
* $Id: ypxfr_main.c,v 1.18 1996/10/20 19:44:45 wpaul Exp $
*/
#include <stdio.h>
#include <stdlib.h>
@ -51,7 +51,7 @@ struct dom_binding {};
#include "ypxfr_extern.h"
#ifndef lint
static const char rcsid[] = "$Id: ypxfr_main.c,v 1.17 1996/06/03 03:11:39 wpaul Exp $";
static const char rcsid[] = "$Id: ypxfr_main.c,v 1.18 1996/10/20 19:44:45 wpaul Exp $";
#endif
char *progname = "ypxfr";
@ -162,6 +162,7 @@ main(argc,argv)
char tempmap[MAXPATHLEN + 2];
char buf[MAXPATHLEN + 2];
DBT key, data;
int remoteport;
debug = 1;
@ -332,6 +333,16 @@ the local domain name isn't set");
if (ypxfr_source_host == NULL)
ypxfr_source_host = ypxfr_master;
/*
* Don't talk to ypservs on unprivileged ports.
*/
remoteport = getrpcport(ypxfr_source_host, YPPROG, YPVERS, IPPROTO_UDP);
if (remoteport >= IPPORT_RESERVED) {
yp_error("ypserv on %s not running on reserved port",
ypxfr_source_host);
ypxfr_exit(YPXFR_REFUSED, NULL);
}
if ((ypxfr_order = ypxfr_get_order(ypxfr_source_domain,
ypxfr_mapname,
ypxfr_master, 0)) == 0) {
@ -376,10 +387,18 @@ the local domain name isn't set");
snprintf(ypxfr_temp_map, sizeof(ypxfr_temp_map), "%s/%s/%s", yp_dir,
ypxfr_dest_domain, tempmap);
if (getrpcport(ypxfr_master, YPXFRD_FREEBSD_PROG,
YPXFRD_FREEBSD_VERS, IPPROTO_TCP)) {
if ((remoteport = getrpcport(ypxfr_source_host, YPXFRD_FREEBSD_PROG,
YPXFRD_FREEBSD_VERS, IPPROTO_TCP))) {
/* Don't talk to rpc.ypxfrds on unprovileged ports. */
if (remoteport >= IPPORT_RESERVED) {
yp_error("rpc.ypxfrd on %s not using privileged port",
ypxfr_source_host);
ypxfr_exit(YPXFR_REFUSED, NULL);
}
/* Try to send using ypxfrd. If it fails, use old method. */
if (!ypxfrd_get_map(ypxfr_master, ypxfr_mapname,
if (!ypxfrd_get_map(ypxfr_source_host, ypxfr_mapname,
ypxfr_source_domain, ypxfr_temp_map))
goto leave;
}