Hello!
Linux-PAM 0.99.5.0 has problems with pam_access module. In function
from_match() loop at lines from 547 up to 567 follows addrinfo chain
incorrectly. It only follows the chain if current addrinfo structure has
ai_family field equal to AF_INET and releases the entire chain at the end of
the first iteration. Additionally, getaddrinfo() is called with AI_ADDRCONF
flag, which is both excessive in that context and defined not in every system.
Attached patch fixes both issues. Please apply.
--
Sincerely Your, Dan.
Drop unnecessary AI_ADDRCONF flag. The more that not all systems have support
for it. Also fix loop looking up AF_INET address chain: chain following
expression is relocated to the right place at the end of the loop,
freeaddrinfo() call is relocated to the place right after the end of loop.
--- modules/pam_access/pam_access.c.gai 2006-02-07 10:57:36.000000000 +0300
+++ modules/pam_access/pam_access.c 2006-07-01 21:43:41.000000000 +0400
@@ -535,7 +535,7 @@
struct addrinfo hint;
memset (&hint, '\0', sizeof (hint));
- hint.ai_flags = AI_ADDRCONFIG | AI_CANONNAME;
+ hint.ai_flags = AI_CANONNAME;
hint.ai_family = AF_INET;
if (getaddrinfo (string, NULL, &hint, &res) != 0)
@@ -561,10 +561,10 @@
freeaddrinfo (res);
return YES;
}
- runp = runp->ai_next;
}
- freeaddrinfo (res);
+ runp = runp->ai_next;
}
+ freeaddrinfo (res);
}
} else if (isipaddr(string, NULL, NULL) == YES) {
/* Assume network/netmask with a IP of a host. */
@@ -576,7 +576,7 @@
struct addrinfo hint;
memset (&hint, '\0', sizeof (hint));
- hint.ai_flags = AI_ADDRCONFIG | AI_CANONNAME;
+ hint.ai_flags = AI_CANONNAME;
hint.ai_family = AF_UNSPEC;
if (getaddrinfo (string, NULL, &hint, &res) != 0)
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
