at the end of gethostanswer()/getanswer()/whatever where it used to
return TRY_AGAIN. This breaks the domain list traversal in ypserv's
async DNS lookup module: it would only retry using the domain(s) from
the 'domain' or 'search' lines in /etc/resolv.conf if __dns_getanswer()
returned TRY_AGAIN.
Changed the test so that either TRY_AGAIN or NO_RECOVERY will work.
This seemed to me the best solution in the event somebody tries to
compile this code on an older system with a different version of BIND.
(You shouldn't do that of course, but then there's a lot of things
in the world that you shouldn't do and people do them anyway.)
is not sane: if the TTL on a pending but unanswered query hits 0 and the
circular queue entry is removed and free()d, the for() loop may still try
to use the entry pointer (which now points at no longer valid memory).
usually, deleting only the last entry off the end of the queue worked, but
if more than one was deleted, the server would crash. I changed things a
bit so this shouldn't happen anymore.
Also arranged to call the prune routine a bit more often.
diffes with NetBSD/OpenBSD. These changes seem to predate the NetBSD/OpenBSD
split, so it is hard to give proper credit for them.
Obtained from: OpenBSD.
overflow patches that were "near" to where these operations are taking
place. The buffer overflows are from OpenBSD. The setuid/seteuid patches
are from NetBSD by way of OpenBSD (they changed them a little), at least from
my read of the tree.
This is the first of a series of OpenBSD lpr/et al merges. It (and them)
should be merged back into 2.2 and/or 2.1 (if requested) branches when they
have been shaken out in -current.
Obtained from: OpenBSD
we decide to do a DNS lookup, we NUL terminate the key string provided
by the client before passing it into the DNS lookup module. This is
actually wrong. Assume the key is 'foo.com'. In this case, key.keydat_val
will be "foo.com" and key.keydat_len will be 7 (seven characters; the
string is not NUL-terminated so it is not 8 as you might expect).
The string "foo.com" is actually allocated by the XDR routines when the
RPC request is decoded; exactly 7 bytes are allocated. By adding a NUL,
the string becomes "foo.com\0", but the '\0' goes into an 8th byte which
was never allocated for this string and which could be anywhere. The result
is that while the initial request may succeed, we could trash other
dynamically allocated structures (like, oh, I dunno, the circular map
cache queue?) and SEGV later. This is in fact what happens.
The fix is to copy the string into a larger local buffer and NUL-terminate
that buffer instead.
Crash first reported by: Ricky Chan <ricky@come.net.uk>
Bug finally located with: Electric Fence 2.0.5
the hostname into. In theory the bind library should do this, but
in practice the limites between system defines and bind defines make
an attack using this vector possible. These patches have been in
use on my systems for three months now, so I am fairly confident about
them. I plan on commiting this to 2.2 and 2.1 in the near future,
as well as many other patches of this nature.
those ideas that, like the Apache server setup, was well-intentioned
but doomed to fail in the face of change. That and the fact that it
shouldn't be part of the installation tool, it should be part of the
post-installation setup tool (which we need to write). Combining the
two utilities into one utility was my first conceptual mistake.
Apologies also to Coranth Gryphon, who worked hard on the Apache
and Samba server setup code. These features were quite useful
for awhile, if that's any consolation, I just simply had the wrong
ideas about where to put them. :-(
In rt_change() remember to update the interface pointer otherwise we will
send the RIP packets to the wrong interface(s) in future.
Update the hash generator and increase the size of the hash tables.
Only use the network and host parts when comparing IPX interface addresses.
Immediately broadscast RIP and SAP changes.
Change the alarm code to use the setitimer() call and only set a flag in
the alarm signal handler. This gets rid of possible race conditions.
Remove the host routing table. IPX RIP cannot do host routes, only net routes.
Make the delay between broadcast packets 50ms. It seems that some Netware
4.x servers is very slow and don't have much input buffering.
Handle received messages about networks and services that go down, better.
Add tracing of RIP and SAP changes. It gets sysloged with a level of
LOG_DEBUG.
INT cause a hangup - not exiting for -ddial & -auto.
HUP must exit because init sends this at system shutdown
time (why, I don't know), and we don't want to end up
redialing after the HUP (due to another dfilter packet).
Pointed out by and discussed with: ache
the option in pkg_create. Now preserved files start with a . and are
named .<filename>.<pkgname>.backup so that their purpose is more clear.
Note that just using the preserve option without proper pkg_deps
is also foolish since packages being deleted in the incorrect order with
preserve on can generate some odd results.
before replacing them (using pkgname to make this hopefully unique).
Delete also moves them back, if they exist, resulting in a package
which can be "backed out" with reasonable safety.
Catch SIGUSR1 to re-init listening socket.
Document signal behaviour.
Add missing '\n's to LogPrintf(LogWARN,...)
Main() returns int not void.
AF_LOCAL ideal suggested a long time ago by: joerg
unless defined out - including while a telnet
session with a -auto ppp is in effect. If you
don't create ppp.secrets, you deserve what you
get.
telnet connection capabilities will be configurable
per system soon.
Suggested by: Terry Dwyer <tdwyer@omen.net.au>
Updated README file with additional helpful information from Steve Passe
and added patches from Robert Sexton to eliminate case sensitivity of
the xten command.
o Style police
o Make hangup abort the current connection, not
necessarily exiting (-auto/-ddial).
o Trap HUP and INT during DoChat and abort the
connection attempt. This means you can now
type "dial" and change your mind with ^C, or
HUP the process to stop it dialing.
Slapped into doing it by: Chuck Robey <chuckr@glue.umd.edu>
Add a system command to script mechanism (so you can call things like
tzsetup from scripts).
Add noError variable for causing script errors to be ignored.
The way Secure RPC is set up, the ecb_crypt() routine is expected to
be able to encrypt a buffer of any size up to 8192 bytes. However, the
des_ecb_encrypt() routine in libdes only encrypts 8 bytes (64 bits) at a
time. The rpc_enc.c module should compensate for this by calling
des_ecb_encrypt() repeatedly until it has encrypted the entire supplied
buffer, but it does not do this.
As a workaround, keyserv now handles this itself: if we're using DES
encryption, and the caller requested ECB mode, keyserv will do the right
thing.
Also changed all references to 'rc4' into 'arcfour' just in case some
litigious bastard from RSA is watching.
Note that I discovered and fixed this problem while trying to get
a part of NIS+ working: rpc.nisd signs directory objects with a 16-byte
MD5 digest that is encrypted with ecb_crypt(). Previously, only the
first 8 bytes of the digest were being properly encrypted, which caused
the Sun nis_cachemgr to reject the signatures as invalid. I failed to
notice this before since Secure RPC usually never has to encrypt more
than 8 bytes of data during normal operations.
