--- /dev/null
+- uninitialized variable was checked for NULL
+--- tcp_wrappers_7.6/inetcf.c.162412 2006-01-24 15:33:20.000000000 +0100
++++ tcp_wrappers_7.6/inetcf.c 2006-01-24 15:35:44.000000000 +0100
+@@ -61,7 +61,7 @@
+ char *conf;
+ {
+ char buf[BUFSIZ];
+- FILE *fp;
++ FILE *fp = NULL;
+ char *service;
+ char *protocol;
+ char *user;
--- /dev/null
+- don't bother resolving localhost, as it gives weird results in mixed IPv4/IPV6 environments
+--- tcp_wrappers_7.6/hosts_access.c.196326 2007-06-28 13:44:10.000000000 +0200
++++ tcp_wrappers_7.6/hosts_access.c 2007-06-28 15:33:45.000000000 +0200
+@@ -346,6 +346,9 @@
+ return (STR_NE(string, unknown));
+ } else if (tok[(n = strlen(tok)) - 1] == '.') { /* prefix */
+ return (STRN_EQ(tok, string, n));
++ } else if ((STR_EQ(tok, "localhost") || STR_EQ(tok, "localhost.localdomain"))
++ && (STR_EQ(string, "localhost") || STR_EQ(string, "localhost.localdomain"))) {
++ return (YES); /* these localhosts are equivalent */
+ } else { /* exact match */
+ #ifdef INET6
+ struct addrinfo hints, *res;
--- /dev/null
+- resolve hostnames in hosts.{allow,deny}, should fix a bunch of issues with IPv4/6
+--- tcp_wrappers_7.6/tcpd.h.220015 2007-06-28 15:42:49.000000000 +0200
++++ tcp_wrappers_7.6/tcpd.h 2007-06-28 15:43:59.000000000 +0200
+@@ -167,6 +167,7 @@
+
+ /* look up endpoint addresses */
+ extern void sock_host __P((struct request_info *));
++extern void sock_hostnofd __P((struct request_info *));
+ /* translate address to hostname */
+ extern void sock_hostname __P((struct host_info *));
+ /* address to printable address */
+--- tcp_wrappers_7.6/hosts_ctl.c.220015 1994-12-28 17:42:28.000000000 +0100
++++ tcp_wrappers_7.6/hosts_ctl.c 2007-06-28 15:42:49.000000000 +0200
+@@ -29,10 +29,12 @@
+ {
+ struct request_info request;
+
+- return (hosts_access(request_init(&request,
+- RQ_DAEMON, daemon,
+- RQ_CLIENT_NAME, name,
+- RQ_CLIENT_ADDR, addr,
+- RQ_USER, user,
+- 0)));
++ request_init(&request, RQ_DAEMON, daemon,
++ RQ_CLIENT_NAME, name,
++ RQ_CLIENT_ADDR, addr,
++ RQ_USER, user,
++ 0);
++ sock_hostnofd(&request);
++
++ return (hosts_access(&request));
+ }
+--- tcp_wrappers_7.6/socket.c.220015 2007-06-28 15:42:49.000000000 +0200
++++ tcp_wrappers_7.6/socket.c 2007-06-28 15:42:49.000000000 +0200
+@@ -147,6 +147,51 @@
+ #endif
+ }
+
++/* sock_hostnofd - look up endpoint addresses and install conversion methods */
++
++void sock_hostnofd(request)
++struct request_info *request;
++{
++ static struct sockaddr_storage client;
++ struct addrinfo hints, *res;
++ int ret;
++ char *host;
++
++ /* If the address field is non-empty and non-unknown and if the hostname
++ * field is empty or unknown, use the address field to get the sockaddr
++ * and hostname. */
++ if (strlen(request->client->addr) &&
++ HOSTNAME_KNOWN(request->client->addr) &&
++ (!strlen(request->client->addr) ||
++ !HOSTNAME_KNOWN(request->client->name)))
++ host = request->client->addr;
++ else
++ return;
++
++ memset(&hints, 0, sizeof(hints));
++ hints.ai_family = AF_INET6;
++ hints.ai_socktype = SOCK_STREAM;
++ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
++
++ ret = getaddrinfo(host, NULL, &hints, &res);
++ if (ret != 0) {
++ hints.ai_family = AF_INET;
++ ret = getaddrinfo(host, NULL, &hints, &res);
++ }
++
++ if (ret != 0) {
++ tcpd_warn("can't resolve hostname (%s): %s", host, gai_strerror(ret));
++ } else {
++ sock_methods(request);
++
++ memcpy(&client, res->ai_addr, res->ai_addrlen);
++ request->client->sin = (struct sockaddr *)&client;
++ freeaddrinfo(res);
++
++ request->client->name[0] = 0;
++ }
++}
++
+ /* sock_hostaddr - map endpoint address to printable form */
+
+ void sock_hostaddr(host)
--- /dev/null
+- security, barf in case of problems with hosts.allow/deny files
+--- tcp_wrappers_7.6/hosts_access.c.sig 2003-02-10 16:18:31.000000000 +0100
++++ tcp_wrappers_7.6/hosts_access.c 2003-02-10 16:50:38.000000000 +0100
+@@ -66,6 +66,7 @@
+
+ #define YES 1
+ #define NO 0
++#define ERR -1
+
+ /*
+ * These variables are globally visible so that they can be redirected in
+@@ -129,11 +129,11 @@
+ verdict = setjmp(tcpd_buf);
+ if (verdict != 0)
+ return (verdict == AC_PERMIT);
+- if (table_match(hosts_allow_table, request))
++ if (table_match(hosts_allow_table, request) == YES)
+ return (YES);
+- if (table_match(hosts_deny_table, request))
+- return (NO);
+- return (YES);
++ if (table_match(hosts_deny_table, request) == NO)
++ return (YES);
++ return (NO);
+ }
+
+ /* table_match - match table entries with (daemon, client) pair */
+@@ -175,8 +175,9 @@
+ (void) fclose(fp);
+ } else if (errno != ENOENT) {
+ tcpd_warn("cannot open %s: %m", table);
++ match = ERR;
+ }
+- if (match) {
++ if (match == YES) {
+ if (hosts_access_verbose > 1)
+ syslog(LOG_DEBUG, "matched: %s line %d",
+ tcpd_context.file, tcpd_context.line);
--- /dev/null
+- Unblock and catch SIGCHLD from spawned shell commands
+--- tcp_wrappers_7.6/shell_cmd.c.sigchld 1994-12-28 17:42:44.000000000 +0100
++++ tcp_wrappers_7.6/shell_cmd.c 2007-06-28 15:42:17.000000000 +0200
+@@ -20,6 +20,11 @@
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
++#include <errno.h>
++#include <unistd.h>
++#include <sys/wait.h>
++#include <sys/stat.h>
++#include <fcntl.h>
+
+ extern void exit();
+
+@@ -31,13 +36,42 @@
+
+ static void do_child();
+
++/*
++ * The sigchld handler. If there is a SIGCHLD caused by a child other than
++ * ours, we set a flag and raise the signal later.
++ */
++volatile static int foreign_sigchld;
++volatile static int our_child_pid;
++static void sigchld(int sig, siginfo_t *si, void *unused)
++{
++ if (si && si->si_pid != our_child_pid)
++ foreign_sigchld = 1;
++}
++
+ /* shell_cmd - execute shell command */
+
+ void shell_cmd(command)
+ char *command;
+ {
+ int child_pid;
+- int wait_pid;
++
++ struct sigaction new_action, old_action;
++ sigset_t new_mask, old_mask, empty_mask;
++
++ new_action.sa_sigaction = &sigchld;
++ new_action.sa_flags = SA_SIGINFO;
++ sigemptyset(&new_action.sa_mask);
++ sigemptyset(&new_mask);
++ sigemptyset(&empty_mask);
++ sigaddset(&new_mask, SIGCHLD);
++
++ /*
++ * Set the variables for handler, set the handler and block the signal
++ * until we have the pid.
++ */
++ foreign_sigchld = 0; our_child_pid = 0;
++ sigprocmask(SIG_BLOCK, &new_mask, &old_mask);
++ sigaction(SIGCHLD, &new_action, &old_action);
+
+ /*
+ * Most of the work is done within the child process, to minimize the
+@@ -49,12 +83,26 @@
+ tcpd_warn("cannot fork: %m");
+ break;
+ case 00: /* child */
++ /* Clear the blocked mask for the child not to be surprised. */
++ sigprocmask(SIG_SETMASK, &empty_mask, 0);
+ do_child(command);
+ /* NOTREACHED */
+ default: /* parent */
+- while ((wait_pid = wait((int *) 0)) != -1 && wait_pid != child_pid)
+- /* void */ ;
++ our_child_pid = child_pid;
++ sigprocmask(SIG_UNBLOCK, &new_mask, 0);
++ while (waitpid(child_pid, (int *) 0, 0) == -1 && errno == EINTR);
+ }
++
++ /*
++ * Revert the signal mask and the SIGCHLD handler.
++ */
++ sigprocmask(SIG_SETMASK, &old_mask, 0);
++ sigaction(SIGCHLD, &old_action, 0);
++
++ /* If there was a foreign SIGCHLD, raise it after we have restored the old
++ * mask and handler. */
++ if (foreign_sigchld)
++ raise(SIGCHLD);
+ }
+
+ /* do_child - exec command with { stdin, stdout, stderr } to /dev/null */
--- /dev/null
+- don't use sys_errlist, use strerror
+--- tcp-wrappers-7.6/percent_m.c
++++ tcp-wrappers-7.6/percent_m.c
+@@ -13,7 +13,7 @@
+ #include <string.h>
+
+ extern int errno;
+-#ifndef SYS_ERRLIST_DEFINED
++#if !defined(SYS_ERRLIST_DEFINED) && !defined(HAVE_STRERROR)
+ extern char *sys_errlist[];
+ extern int sys_nerr;
+ #endif
+@@ -29,11 +29,15 @@
+
+ while (*bp = *cp)
+ if (*cp == '%' && cp[1] == 'm') {
++#ifdef HAVE_STRERROR
++ strcpy(bp, strerror(errno));
++#else
+ if (errno < sys_nerr && errno > 0) {
+ strcpy(bp, sys_errlist[errno]);
+ } else {
+ sprintf(bp, "Unknown error %d", errno);
+ }
++#endif
+ bp += strlen(bp);
+ cp += 2;
+ } else {
projects / packages / tcp_wrappers.git / commitdiff