Subject: bin/6813: uninitialized variable use in portmap/libwrap
To: None <gnats-bugs@gnats.netbsd.org>
From: Matthias Drochner <drochner@zelz26.zel.kfa-juelich.de>
List: netbsd-bugs
Date: 01/15/1999 13:08:47
>Number: 6813
>Category: bin
>Synopsis: uninitialized variable use in portmap/libwrap
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jan 15 04:20:01 1999
>Last-Modified:
>Originator: Matthias Drochner
>Organization:
KFA Juelich
>Release: `date`
>Environment:
System: NetBSD zelz26 1.3I NetBSD 1.3I (ZELZ26.UVM) #983: Thu Jan 14 12:10:10 MET 1999 drochner@zelz26:/mnt/sys/arch/i386/compile/ZELZ26.UVM i386
>Description:
The check_access() function in portmap.c gets passed the IP address
of the caller and uses it to initialize the libwrap "request".
At this point, the file descriptor is not available; the corresponding
member of "request" is initialized to -1 by request_init().
check_access() then calls libwrap's fromhost(), which relies on the
file descriptor. The "-1" leads to syslog output
"portmap[]: warning: can't get client address: Bad file descriptor",
but seems harmless otherwise.
>How-To-Repeat:
Run a -current system with standard inetd.conf setup.
>Fix:
The call to fromhost() seems to be wrong here since the
caller's address is already known.
Index: portmap.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/portmap/portmap.c,v
retrieving revision 1.15
diff -c -r1.15 portmap.c
*** portmap.c 1999/01/13 01:01:26 1.15
--- portmap.c 1999/01/15 11:51:59
***************
*** 660,666 ****
#ifdef LIBWRAP
request_init(&req, RQ_DAEMON, "portmap", RQ_CLIENT_SIN, addr, 0);
- fromhost(&req);
if(!hosts_access(&req)) {
logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
return 0;
--- 660,665 ----
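Review bot: deleting the fromhost(&req) line leaves nothing between request_init() and hosts_access() that prepares the request for address and host name matching, so please confirm that hosts_access() still evaluates rules against the addr passed via RQ_CLIENT_SIN. If fromhost() was also what installed libwrap's socket lookup routines, the client would now be seen as unknown and address-based allow/deny rules would stop matching. Replacing the call with sock_methods(&req), which sets up those routines without touching the file descriptor, looks safer than removing it outright. A short comment here noting that no descriptor is available at this point would also help the next reader.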
>Audit-Trail:
>Unformatted: