On 10/26/2009 05:40 PM, Robert Gordon wrote:
> In nfs-utils 1.2.0, I noticed that the insecure option validates that
> the client port is a
> subset of IPPORT_RESERVED as opposed to just validating it is a valid
> reserved port. The following proposed patch would correct that issue.
>
> Signed-off-by: Robert Gordon <rbg@xxxxxxxxxxx>
>
> --- ./utils/mountd/auth.c.orig
> +++ ./utils/mountd/auth.c
> @@ -169,8 +169,7 @@ auth_authenticate_internal(char *what, s
> }
> }
> if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
> - (ntohs(caller->sin_port) < IPPORT_RESERVED/2 ||
> - ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
> + ntohs(caller->sin_port) >= IPPORT_RESERVED) {
> *error = illegal_port;
> return NULL;
> }
>
Committed...
steved.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
