ypset(8) attempts to bind to Weird IP (and possible solution)

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Jan 18 23:31:45 PST 2004

On Sun, Jan 18, 2004 at 01:19:58PM -0800, Saint Aardvark the Carpeted wrote:
> The problem seems to come in at lines 142/143:  before this,
> sin.sin_addr.s_addr is localhost (as set at line 130), as is
> hent->h_addr_list[0][0].  *After* this, it's set with the Weird IP,
> bind_tohost() is called, and packets go off to the Weird IP.
> ObDisclaimer:  I Am Not A Programmer, and my knowledge of C is pretty
> slim.  But:  if I change lines 142/143 to:
> 	bcopy(&hent->h_addr_list[0][0], &sin.sin_addr, sizeof sin.sin_addr);
> then the Weird IP doesn't show up in sin, and ypset only tries to bind
> to the IP address listed in its arguments.
> Looking through man pages and header files, it looks like
> hostent->h_addr_list is an array of pointers to chars (is that the
> right term?):
> 	char **h_addr_list
> and so gethostbyname is returning the IP address as the *first entry*
> in that list.  It makes sense to me, then, that bcopy should have
> h_addr_list[0][0] as its first argument.

Nice analysis.  Yes, it looks to me like you've discovered a real bug
here.  Someone is taking the address of what is already a pointer --
an equivalent to the fix you show would be:

    bcopy(hent->h_addr_list[0], &sin.sin_addr, sizeof sin.sin_addr);

which is possibly slightly clearer as to intent.

Another point in your argument would be to convert those weird IP
addresses to hexadecimal: = 0xa46e0f28 = 0x846e0f28

and use gdb to compare those values with the contents of the *hent

Please do submit a PR with your analysis and a patch.  It's slightly
perturbing that no-one spotted this a long time ago, but these things
happen from time to time.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040119/de5281d0/attachment.bin

More information about the freebsd-questions mailing list