[Date Prev][Date Next] [Chronological] [Thread] [Top]

bug in libwrap code

I found a little DoS bug in the libwrap code for 1.1.2. Occurs when the
client connecting doesn't have a reverse lookup. Offending code occurs
in server/slapd/daemon.c:

line 280

if (!(hosts_ctl("slapd", client_name, client_addr, STRING_UNKNOWN))

A little further up you can see where client_name is NULL when the ip
does not have a host lookup. libwrap expects STRING_UNKNOWN for
anything that isn't set. Changed it to this:

if (!(hosts_ctl("slapd", client_name != NULL ? client_name :

Works great for me and hosts.{allow,deny} functionality is still
working (most importantly when ALL: PARANOID is setup).

Also I'd like to note for the devel team that OpenLDAP is being
packaged for Debian's distribution (by me). So far it seems to be a
great project...keep up the good work.

-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation