isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use inet_aton() instead of inet_addr() as it allows us to distinguish

Browse Source 
between the address (or mask 255.255.255.255) and an error.  In the
future we may consider switching to inet_pton() for IPv4 too.
This commit is contained in:
Todd C. Miller
2014-01-26 13:23:09 -07:00
parent 7e008eb677
commit aaecd326e4
4 changed files with 54 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
configure vendored
View File

@@ -18498,13 +18498,8 @@ $as_echo "no" >&6; }
fi fi
ac_fn_c_check_func "$LINENO" "inet_addr" "ac_cv_func_inet_addr" ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton"
if test "x$ac_cv_func_inet_addr" = xyes; then : if test "x$ac_cv_func_inet_aton" = xyes; then :
else
ac_fn_c_check_func "$LINENO" "__inet_addr" "ac_cv_func___inet_addr"
if test "x$ac_cv_func___inet_addr" = xyes; then :
else else
@@ -18522,9 +18517,9 @@ else
extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`"
_sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'`
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -l$lib${5+ }$extralibs" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_aton in -l$lib${5+ }$extralibs" >&5
$as_echo_n "checking for inet_addr in -l$lib${5+ }$extralibs... " >&6; } $as_echo_n "checking for inet_aton in -l$lib${5+ }$extralibs... " >&6; }
if { as_var=sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : if { as_var=sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then :
$as_echo_n "(cached) " >&6 $as_echo_n "(cached) " >&6
else else
@@ -18539,19 +18534,19 @@ else
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
#endif #endif
char inet_addr (); char inet_aton ();
int int
main () main ()
{ {
return inet_addr (); return inet_aton ();
; ;
return 0; return 0;
} }
_ACEOF _ACEOF
if ac_fn_c_try_link "$LINENO"; then : if ac_fn_c_try_link "$LINENO"; then :
eval sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras=yes eval sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras=yes
else else
eval sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras=no eval sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras=no
fi fi
rm -f core conftest.err conftest.$ac_objext \ rm -f core conftest.err conftest.$ac_objext \
@@ -18560,7 +18555,7 @@ rm -f core conftest.err conftest.$ac_objext \
fi fi
if eval test \$sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras = "yes"; then if eval test \$sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras = "yes"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; } $as_echo "yes" >&6; }
NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break
@@ -18574,9 +18569,6 @@ $as_echo "no" >&6; }
fi fi
fi
ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog" ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog"
if test "x$ac_cv_func_syslog" = xyes; then : if test "x$ac_cv_func_syslog" = xyes; then :

8
configure.ac
View File

@@ -2502,11 +2502,10 @@ AC_CHECK_FUNC(socket, [], [
done done
]) ])
dnl dnl
dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl If inet_aton(3) not in libc, check -lnsl and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl dnl
AC_CHECK_FUNC(inet_addr, [], [ AC_CHECK_FUNC(inet_aton, [], [
AC_CHECK_FUNC(__inet_addr, [], [
for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
_libs= _libs=
for lib in $libs; do for lib in $libs; do
@@ -2519,9 +2518,8 @@ AC_CHECK_FUNC(inet_addr, [], [
test -z "$libs" && continue test -z "$libs" && continue
lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) SUDO_CHECK_LIB($lib, inet_aton, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
done done
])
]) ])
dnl dnl
dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet

6
plugins/sudoers/interfaces.c
View File

@@ -87,10 +87,8 @@ set_interfaces(const char *ai)
} else { } else {
/* IPv4 */ /* IPv4 */
ifp->family = AF_INET; ifp->family = AF_INET;
ifp->addr.ip4.s_addr = inet_addr(addr); if (inet_aton(addr, &ifp->addr.ip4) != 1 ||
ifp->netmask.ip4.s_addr = inet_addr(mask); inet_aton(mask, &ifp->netmask.ip4) != 1) {
if (ifp->addr.ip4.s_addr == INADDR_NONE ||
ifp->netmask.ip4.s_addr == INADDR_NONE) {
efree(ifp); efree(ifp);
continue; continue;
} }

26
plugins/sudoers/match_addr.c
View File

@@ -61,15 +61,14 @@ addr_matches_if(const char *n)
debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)
#ifdef HAVE_STRUCT_IN6_ADDR #ifdef HAVE_STRUCT_IN6_ADDR
if (inet_pton(AF_INET6, n, &addr.ip6) > 0) { if (inet_pton(AF_INET6, n, &addr.ip6) == 1) {
family = AF_INET6; family = AF_INET6;
} else } else
#endif /* HAVE_STRUCT_IN6_ADDR */ #endif /* HAVE_STRUCT_IN6_ADDR */
{ if (inet_aton(n, &addr.ip4) == 1) {
addr.ip4.s_addr = inet_addr(n);
if (addr.ip4.s_addr == INADDR_NONE)
debug_return_bool(false);
family = AF_INET; family = AF_INET;
} else {
debug_return_bool(false);
} }
SLIST_FOREACH(ifp, get_interfaces(), entries) { SLIST_FOREACH(ifp, get_interfaces(), entries) {
@@ -115,20 +114,23 @@ addr_matches_if_netmask(const char *n, const char *m)
debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)
#ifdef HAVE_STRUCT_IN6_ADDR #ifdef HAVE_STRUCT_IN6_ADDR
if (inet_pton(AF_INET6, n, &addr.ip6) > 0) if (inet_pton(AF_INET6, n, &addr.ip6) == 1)
family = AF_INET6; family = AF_INET6;
else else
#endif /* HAVE_STRUCT_IN6_ADDR */ #endif /* HAVE_STRUCT_IN6_ADDR */
{ if (inet_aton(n, &addr.ip4) == 1) {
addr.ip4.s_addr = inet_addr(n);
if (addr.ip4.s_addr == INADDR_NONE)
debug_return_bool(false);
family = AF_INET; family = AF_INET;
} else {
debug_return_bool(false);
} }
if (family == AF_INET) { if (family == AF_INET) {
if (strchr(m, '.')) { if (strchr(m, '.')) {
mask.ip4.s_addr = inet_addr(m); if (inet_aton(m, &mask.ip4) != 1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"IPv4 netmask %s: %s", m, "invalid value");
debug_return_bool(false);
}
} else { } else {
i = strtonum(m, 0, 32, &errstr); i = strtonum(m, 0, 32, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
@@ -148,7 +150,7 @@ addr_matches_if_netmask(const char *n, const char *m)
} }
#ifdef HAVE_STRUCT_IN6_ADDR #ifdef HAVE_STRUCT_IN6_ADDR
else { else {
if (inet_pton(AF_INET6, m, &mask.ip6) <= 0) { if (inet_pton(AF_INET6, m, &mask.ip6) != 1) {
j = strtonum(m, 0, 128, &errstr); j = strtonum(m, 0, 128, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,