2c8388d913
result in a race condition, where for instance an IP based ACL might result in a denial decision. Fix this by changing these inet_ntoa's to inet_ntop with on-stack store. Reported by: Damian Hazen <dhazen lbl.gov>
70 lines
2.6 KiB
Diff
70 lines
2.6 KiB
Diff
diff --git servers/slapd/connection.c servers/slapd/connection.c
|
|
index aea3b39..65ce576 100644
|
|
--- servers/slapd/connection.c
|
|
+++ servers/slapd/connection.c
|
|
@@ -1500,12 +1500,21 @@ connection_input( Connection *conn , conn_readinfo *cri )
|
|
#ifdef LDAP_CONNECTIONLESS
|
|
if ( conn->c_is_udp ) {
|
|
char peername[sizeof("IP=255.255.255.255:65336")];
|
|
+ const char *peeraddr = NULL;
|
|
|
|
len = ber_int_sb_read(conn->c_sb, &peeraddr, sizeof(struct sockaddr));
|
|
if (len != sizeof(struct sockaddr)) return 1;
|
|
|
|
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
|
|
+ char addr[INET_ADDRSTRLEN];
|
|
+ inet_ntop( AF_INET, &peeraddr.sa_in_addr.sin_addr,
|
|
+ addr, sizeof(addr) );
|
|
+ peeraddr = addr;
|
|
+#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
|
|
+ peeraddr = inet_ntoa( peeraddr.sa_in_addr.sin_addr );
|
|
+#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
|
|
sprintf( peername, "IP=%s:%d",
|
|
- inet_ntoa( peeraddr.sa_in_addr.sin_addr ),
|
|
+ peeraddr,
|
|
(unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
|
|
Statslog( LDAP_DEBUG_STATS,
|
|
"conn=%lu UDP request from %s (%s) accepted.\n",
|
|
diff --git servers/slapd/daemon.c servers/slapd/daemon.c
|
|
index 8e8a69d..ccfa2ee 100644
|
|
--- servers/slapd/daemon.c
|
|
+++ servers/slapd/daemon.c
|
|
@@ -1971,8 +1971,16 @@ slap_listener(
|
|
# ifdef LDAP_PF_INET6
|
|
case AF_INET6:
|
|
if ( IN6_IS_ADDR_V4MAPPED(&from.sa_in6_addr.sin6_addr) ) {
|
|
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
|
|
+ char addr[INET_ADDRSTRLEN];
|
|
+ inet_ntop( AF_INET,
|
|
+ ((struct in_addr *)&from.sa_in6_addr.sin6_addr.s6_addr[12]),
|
|
+ addr, sizeof(addr) );
|
|
+ peeraddr = addr;
|
|
+#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
|
|
peeraddr = inet_ntoa( *((struct in_addr *)
|
|
&from.sa_in6_addr.sin6_addr.s6_addr[12]) );
|
|
+#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
|
|
sprintf( peername, "IP=%s:%d",
|
|
peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
|
|
(unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
|
|
@@ -1989,12 +1997,19 @@ slap_listener(
|
|
break;
|
|
# endif /* LDAP_PF_INET6 */
|
|
|
|
- case AF_INET:
|
|
+ case AF_INET: {
|
|
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
|
|
+ char addr[INET_ADDRSTRLEN];
|
|
+ inet_ntop( AF_INET, &from.sa_in_addr.sin_addr,
|
|
+ addr, sizeof(addr) );
|
|
+ peeraddr = addr;
|
|
+#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
|
|
peeraddr = inet_ntoa( from.sa_in_addr.sin_addr );
|
|
+#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
|
|
sprintf( peername, "IP=%s:%d",
|
|
peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
|
|
(unsigned) ntohs( from.sa_in_addr.sin_port ) );
|
|
- break;
|
|
+ } break;
|
|
|
|
default:
|
|
slapd_close(sfd);
|