Date: Thu, 20 Jul 2023 21:58:10 GMT
Message-Id: <202307202158.36KLwA4T052219@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Gleb Smirnoff
Subject: git: 1d9722de6f90 - main - tcp_wrappers: recognize IPv6 addresses/prefixes
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1d9722de6f90c3edf286b077938bfa696e728d6c
Auto-Submitted: auto-generated

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=1d9722de6f90c3edf286b077938bfa696e728d6c

commit 1d9722de6f90c3edf286b077938bfa696e728d6c
Author:     Gleb Smirnoff
AuthorDate: 2023-07-20 21:56:20 +0000
Commit:     Gleb Smirnoff
CommitDate: 2023-07-20 21:56:20 +0000

    tcp_wrappers: recognize IPv6 addresses/prefixes

    Intentionally or not, but the libwrap was written in such manner that
    if your /etc/hosts.allow doesn't have any domain names, neither smart
    keywords like LOCAL or KNOWN, then it will not try to resolve the
    client address during the hosts check. This was achieved with the
    NOT_INADDR() check that matched IPv4 addresses/prefixes.

    Extend this to also skip resolve if client list token looks like IPv6.

    Reviewed by: philip, emaste
    PR: 269456
    Differential revision: https://reviews.freebsd.org/D40070
---
 contrib/tcp_wrappers/hosts_access.c | 3 ++-
 contrib/tcp_wrappers/tcpd.h | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/contrib/tcp_wrappers/hosts_access.c b/contrib/tcp_wrappers/hosts_access.c index 05c62d194091..e55f3f34dd20 100644 --- a/contrib/tcp_wrappers/hosts_access.c +++ b/contrib/tcp_wrappers/hosts_access.c
@@ -315,7 +315,8 @@ static int host_match(char *tok, struct host_info *host) return (masked_match(tok, mask, eval_hostaddr(host))); } else { /* anything else */ return (string_match(tok, eval_hostaddr(host)) - || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host)))); + || (NOT_INADDR(tok) && NOT_INADDR6(tok) + && string_match(tok, eval_hostname(host)))); } } diff --git a/contrib/tcp_wrappers/tcpd.h b/contrib/tcp_wrappers/tcpd.h index 1078073c8e3a..194cde378c1c 100644 --- a/contrib/tcp_wrappers/tcpd.h +++ b/contrib/tcp_wrappers/tcpd.h @@ -70,6 +70,7 @@ extern char paranoid[]; #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) +#define NOT_INADDR6(s) (strchr(s, ':') == NULL) /* Global functions. */
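Review bot: the extended condition in the "anything else" branch of host_match() (hosts_access.c) has no comment explaining why `eval_hostname(host)` is guarded, and the reason given in the commit message (skipping the resolver for tokens that look like addresses) is not evident from the code alone. A short comment above the `return` would help, and it should state the consequence for rule authors: a token containing ':' is now compared only through `string_match(tok, eval_hostaddr(host))` and never against the client hostname, so if string_match() is a plain textual comparison the token has to be written in the same form eval_hostaddr() produces. The diffstat touches only hosts_access.c and tcpd.h, so hosts_access(5) does not pick up this behaviour either; a sentence there would be worth adding.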
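Review bot: `NOT_INADDR6(s)` in the tcpd.h hunk classifies any token that contains ':' as IPv6, which is far looser than the macro name suggests, and nothing in the header says so. Suggest a one-line comment stating that this is a heuristic ("token contains a colon") rather than address validation, so later callers do not rely on it as a syntax check. The argument is also used unparenthesized; `(strchr((s), ':') == NULL)` would match the style of `HOSTNAME_KNOWN(s)` two lines above and avoid surprises if the macro is ever given an expression.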