Subject: bin/6831: portmap tcpwrap failure
To: None <gnats-bugs@gnats.netbsd.org>
From: Andreas Wrede <andreas@planix.com>
List: netbsd-bugs
Date: 01/17/1999 19:22:35
>Number: 6831
>Category: bin
>Synopsis: host_access check in portmap fail due to bogus call to fromhost()
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 17 16:35:01 1999
>Last-Modified:
>Originator: Andreas Wrede
>Organization:
Planix, Inc.
>Release: <NetBSD-current source date>-current/Jan 17/1999
>Environment:
System: NetBSD woffi.planix.com 1.3I NetBSD 1.3I (WOFFI) #6: Sat Jan 2 20:47:00 EST 1999 root@woffi.planix.com:/local1/netbsd/netbsd-current/src/sys/arch/i386/compile/WOFFI i386
>Description:
The recently added LIBWRAP code in portmap.c assumes a TCP connection, although
portmap uses UDP. A call to fromhost() will always fail, as the underlying
sock_host() routine assumes that a file pointer for the current connection is
present in the request data structure.
>How-To-Repeat:
Compile portmap with -DLIBWRAP, install and start portmap -l.
Edit /etc/hosts.allow to include numeric only entries for the portmap
ALLOW entry. Run rpcinfo -p <host> from afar.
>Fix:
Apply the patch below. Note that there is a problem in the underlying libwrap.
Some of the library functions silently assume the presence of specific fields
in the request structure. In addition, the status of the sock_xxx calls is
unclear to me. While they are prototyped in the header file tcpd.h, there
is no man page for them.
----
*** portmap.c.orig Sun Jan 17 07:16:14 1999
--- portmap.c Sun Jan 17 18:13:49 1999
***************
*** 660,666 ****
#ifdef LIBWRAP
request_init(&req, RQ_DAEMON, "portmap", RQ_CLIENT_SIN, addr, 0);
! fromhost(&req);
if(!hosts_access(&req)) {
logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
return 0;
--- 660,667 ----
#ifdef LIBWRAP
request_init(&req, RQ_DAEMON, "portmap", RQ_CLIENT_SIN, addr, 0);
! sock_hostname(req.client);
! sock_hostaddr(req.client);
if(!hosts_access(&req)) {
logit(deny_severity, addr, proc, prog, ": request from unauthorized host");
return 0;
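Review bot: The two added calls, sock_hostname(req.client) and sock_hostaddr(req.client), run unconditionally on every request before hosts_access(), and nothing in the hunk checks whether either one filled in a usable value. Since the report itself says the sock_xxx routines are undocumented, please add a comment above them explaining why fromhost() cannot be used here (no connected descriptor in the request) and what fields these calls are expected to populate from the RQ_CLIENT_SIN address. It is also worth confirming that the hostname step is needed at all when /etc/hosts.allow holds numeric-only entries, as in the How-To-Repeat, because a per-request name lookup in this path would delay every reply and makes the access decision depend on the resolver. If the address alone is sufficient for those rules, consider dropping sock_hostname() or deferring it until a rule actually needs the name.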
>Audit-Trail:
>Unformatted: