923dd9a7a7
interfaces (such as when you are part of a carp pool), and you run rpcbind -h to restrict which interfaces have rpc services, rpcbind can none-the-less return addresses that aren't in the -h list. This patch enforces the rule that when you specify -h on the command line, then services returned from rpcbind must be to one of the addresses listed in -h, or be a loopback address (since localhost is implicit when running -h). The root cause of this is the assumption in addrmerge that there can be only one interface that matches a given network IP address. This turns out not to be the case. To retain historical behavior, I didn't try to fix the routine to prefer the address that the request came into, since I didn't know the side effects that might cause in the normal case. My quick analysis suggests that it wouldn't be a problem, but since this code is tricky I opted for the more conservative patch of only restricting the reply when -h is in effect. Hence, this change will have no effect when you are running rpcbind without -h. Reviewed by: alfred@ Sponsored by: iX Systems MFC after: 2 weeks |
||
|---|---|---|
| .. | ||
| check_bound.c | ||
| Makefile | ||
| pmap_svc.c | ||
| rpcb_stat.c | ||
| rpcb_svc_4.c | ||
| rpcb_svc_com.c | ||
| rpcb_svc.c | ||
| rpcbind.8 | ||
| rpcbind.c | ||
| rpcbind.h | ||
| security.c | ||
| util.c | ||
| warmstart.c | ||