On Oct 13, 2009, at 1:09 PM, Steve Dickson wrote:
On 10/13/2009 01:56 PM, Robert Gordon wrote:
I noticed that the insecure option validates that the client port
is a
subset of IPPORT_RESERVED as opposed to just validating it is a valid
reserved port. The following proposed patch would correct that issue.
Would anyone care to comment ? ..
# diff utils/mountd/auth.c utils/mountd/auth.c.orig
171a172
(ntohs(caller->sin_port) < IPPORT_RESERVED/2 ||
What version of nfs-utils are you using and please generate a proper
patch (via gendiff) with a proper 'Signed-off-by:' label...
Per the subject: it's 1.2.0 and here (hopefully) is the correct format
(my first venture in generating a patch for linux, so it's a little
new to me..)
Robert
--
Signed-off-by: Robert Gordon <rbg@xxxxxxxxxxx>
diff -up utils/mountd/auth.c.orig utils/mountd/auth.c
--- utils/mountd/auth.c.orig 2009-10-13 12:49:03.000000000 -0500
+++ utils/mountd/auth.c 2009-10-13 12:49:32.000000000 -0500
@@ -169,7 +169,6 @@ auth_authenticate_internal(char *what, s
}
}
if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
- (ntohs(caller->sin_port) < IPPORT_RESERVED/2 ||
ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
*error = illegal_port;
return NULL;
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
