Subject: security/6918: encrypted (kerberized) telnet does not work to machine pools
To: None <gnats-bugs@gnats.netbsd.org>
From: Tracy J. Di Marco White <gendalia@solstice.cc.iastate.edu>
List: netbsd-bugs
Date: 01/31/1999 12:07:59
>Number: 6918
>Category: security
>Synopsis: encrypted telnet fails when telneting to a pool of machines
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: security-officer (NetBSD Security Officer)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Jan 31 10:20:00 1999
>Last-Modified:
>Originator: Tracy J. Di Marco White
>Organization:
Iowa State University Computation Center
>Release: 1998-12-20
>Environment:
System: NetBSD solstice.cc.iastate.edu 1.3I NetBSD 1.3I (SOLSTICE) #2: Wed Dec 16 21:42:16 CST 1998 root@solstice.cc.iastate.edu:/usr/src/sys/arch/i386/compile/SOLSTICE i386
>Description:
telneting to a name that represents a round robin of machines causes the
encryption to fail.
>How-To-Repeat:
using telnet in domestic, telnet to a pool of machines represented by one name.
>Fix:
Do a reverse name lookup to get the true name of the host, in case a name
with multiple IP addresses is found on the name->addr query.
*** commands.c.orig Sat Jan 30 14:29:41 1999
--- commands.c Sun Jan 31 11:52:28 1999
***************
*** 2389,2394 ****
--- 2389,2395 ----
#else /* defined(h_addr) */
memmove((caddr_t)&sin.sin_addr, host->h_addr, host->h_length);
#endif /* defined(h_addr) */
+ host = gethostbyaddr((char *)&sin.sin_addr, 4, AF_INET);
strncpy(_hostname, host->h_name, sizeof(_hostname));
_hostname[sizeof(_hostname)-1] = '\0';
hostname = _hostname;
>Audit-Trail:
>Unformatted: