Hello,
There is a bug in fam's xtab verification. Requests may be denied to hosts
that actually have mounted the exported filesystem in question. This was
detected with the fam included with IRIX 6.5.16f, 6.5.19f and with
fam-2.6.10 which was compiled from the latest release source code.
file: fam/Interest.c++
method: void Interest::verify_exported_to_host()
The static data returned by gethostbyaddr and pointed to by *hent gets
overwritten by the later call to gethostbyname so during the next iteration
through the loop, the *hent dereferencing gives unpredictable results. This
is solved by using the reentrant gethostbyname_r in the place of
gethostbyname.
Below are the actual differences in the code that fixed the problem.
I hope that this or a similar fix can be included into a release version
soon as the workaround of setting xtab_verification = false in the config
file bypasses an important security feature.
Thanks,
fla.
--
Francois L'Archeveque
diff Interest.c++ Interest.c++.keep
409,417c409
<
< // use the reentrant version of gethostbyname to avoid overwriting
< // the static data returned by gethostbyaddr above.
< hostent client_hostent;
< static char hostent_buf[2048];
< int client_error = 0;
<
< hostent *chent = gethostbyname_r(cs, &client_hostent, hostent_buf,
< sizeof(hostent_buf),
&client_error);
---
hostent *chent = gethostbyname(cs);
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
|