On Thu, Jan 05, Mike Becher wrote: > Hi again, > > because I don't know whether my patch for pam_access module (please > have a look at forwarded message but without patch) will be accepted > by list moderator or not (message was too large, larger than 40kB > because patch size is 100735 bytes) I post it again but now in 5 > pieces in messages with subject: "pam_access patch part X of 5" > > I hope this code finds the way into official distribution of > Linux-PAM. I looked at it and the code is terrible. My first step will be to merge only the basic stuff like netmasks and IPv6, not the external helper and compatibility hacks. At first, functions like convert_hostname_r are by no means thread safe/reentrant only because the use no static buffer, as long as they use non-reentrant functions like gethostbyname(). The second problem is that from gethostbyname only the first IP is used. This was already broken in the old version, but now it depends on if the IPv4 or the IPv6 address is the first one which is returned, pure luck if this is really working. getaddrinfo should be used instead. Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg -------------------------------------------------------------------- Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
