It is declared here and in rfc931.c and unused here so keep that copy
and discard this one.
Obtained from: CheriBSD
MFC after: 1 week
Sponsored by: DARPA, AFRL
This matches the name and avoids logging of warnings to console with
default syslog.conf, esp. getting rid of:
warning: /etc/hosts.allow, line ..: can't verify hostname: \
getaddrinfo(.., AF_INET) failed
The declaration was already inactive when INET6 was enabled
and it causes a build error in the other case because of
a conflict with the correct definition in stdlib.h.
Discussed with: dim, ume
MFC after: 2 weeks
(tcp wrapper oracle) warning fixes via edits to the C code files
contrib/tcp_wrappers/fakelog.c
Warnings for each of functions: openlog( ), vsyslog( ), VARARGS( ),
closelog( )
warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
warning: control reaches end of non-void function [-Wreturn-type]
Fixes:
Explicitly added specification of function type to void for each
function, suppressing both warnings for each function listed
contrib/tcp_wrappers/inetcf.c
Warnings:
warning: incompativle redeclaration of library function 'malloc'
note: 'malloc' is a builtin with type 'void *(unsigned long)'
warning: implicit declaration of function 'check_path' is invalid in C99
[-Wimplicit-function-declaration]
Fixes:
Removed redeclaration of malloc on line 21
Included library <stdlib.h> in the code which contains the malloc( )
function in it's library
Included scaffold.h header file in the code that contains check-path( )
function
contrib/tcp_wrappers/scaffold.c
Warnings:
warning: implicitly declaring library function 'exit' with type
'void (int) __attribute__((noreturn))' [-Wimplicit-function-declaration]
note: include the header <stdlib.h> or explicitly provide a declaration
for 'exit'
Fixes:
Included <stdlib.h> in the code which contains the exit( ) function in
it's library
contrib/tcp_wrappers/tcpdchk.c
Warnings:
warning: implicit declaration of function 'getopt' is invalid
in C99 [-Wimplicit-function-declaration]
warning: implicit declaration of function 'atoi' is invalid
in C99 [-Wimplicit-function-declaration]
Fixes:
Included the specific function <getopt.h> library to the code
Included<stdlib.h> to the code which contains the atoi( ) function in
the library
contrib/tcp_wrappers/tcpdmatch.c
Warnings:
warning: implicit declaration of function 'getopt' is invalid in C99
[-Wimplicit-function-declaration]
Fixes:
Included<stdlib.h> to the code which contains the getopt( ) function in
the library
Submitted by: Aaron Prieger <aprieger@llnw.com>
Reviewed by: vangyzen
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D10995
prototypes in <tcpd.h> use FILE. Pull in a minimal forward declaration
of FILE from <stdio.h> to minimize impact. Sorry for the breakage.
Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
X-MFC-With: r311459
Clang 4.0.0 complains about tcpd.h's not-really-prototypes, e.g.:
/usr/include/tcpd.h:75:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
extern int hosts_access(); /* access control */
^
To fix this, turn these declarations into real prototypes. While here,
garbage collect the incompatible rfc931() function from scaffold.c, as
it is never used.
Reviewed by: emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D9052
According the hosts_access(3) man page the hosts_ctl() prototype
should be in tcpd.h. For now, follow other declarations and don't
add the arguments in the prototype.
Reference:
https://www.illumos.org/issues/4385
PR: 32808
MFC after: 2 weeks
This clears up at least a build issues on mysql-server
ports. While here also replace some spaces with tabs
in our headers.
PR: 42336
MFC after: 2 weeks
yp_get_default_domain is defined in workaround.c but is not declared
in any header file. Tie the declaration to the same #define conditional
used when the function is called, NETGROUP
1. define the CODE * as const
2. restructure function to eliminate warning about exiting with no return.
severity_map() never returns when it can't find an appropriate sysylog
facility, and it longjmp()'s away into error code handling. Keep this
behavior by stashing the facility value found during our search and
checking for -1 if found.
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that this entire copyright notice
+* is duplicated in all such copies.
Obtained from: ftp://ftp.porcupine.org/pub/security/tcp_wrappers_license
implementation of getaddrinfo() may return NULL ai_canonname.
There is no consensus how getaddrinfo() should fill ai_canonname
when numeric hostname is given.
Reported by: kris
across several packets. This is done by not turning off buffering
on the stdio stream for the ident connection. Originally this was
done to avoid reading back what you'd just written into the buffer.
However ANSI C gives a list of functions which should allow you to
safely change direction on a stdio stream, and Wietse found that
fseek seemed to be the most portable.
The original patch used a different workaround, but this should be
a real fix.
PR: 16086
Reviewed by: wietse@porcupine.org
(Original version) Approved by: markm
Now when tcp_wrapper is enabled by inetd -wW,
several accesses which should be permitted are refused only for IPv6,
if hostname is used to decide the host to be allowed.
IPv6 users will be just upset.
About security related concern.
-All extensions are wrapped by #ifdef INET6, so people can completely
disable the extension by recompile libwrap without INET6 option.
-Access via IPv6 is not enabled by default.
People need to enable IPv6 access by changing /etc/inetd.conf at first,
by adding tcp6 and/or tcp46 entries.
-The base of patches are from KAME package and are actually daily used
for more than a year in several Japanese IPv6 environments.
-Patches are reviewed by markm.
Approved by: jkh
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project
