ypset(8) attempts to bind to Weird IP (and possible solution)
m.seaman at infracaninophile.co.uk
Sun Jan 18 23:31:45 PST 2004
On Sun, Jan 18, 2004 at 01:19:58PM -0800, Saint Aardvark the Carpeted wrote:
> The problem seems to come in at lines 142/143: before this,
> sin.sin_addr.s_addr is localhost (as set at line 130), as is
> hent->h_addr_list. *After* this, it's set with the Weird IP,
> bind_tohost() is called, and packets go off to the Weird IP.
>
> ObDisclaimer: I Am Not A Programmer, and my knowledge of C is pretty
> slim. But: if I change lines 142/143 to:
>
>     bcopy(&hent->h_addr_list, &sin.sin_addr, sizeof sin.sin_addr);
>
> then the Weird IP doesn't show up in sin, and ypset only tries to bind
> to the IP address listed in its arguments.
>
> Looking through man pages and header files, it looks like
> hostent->h_addr_list is an array of pointers to chars (is that the
> right term?):
>
>     char **h_addr_list
>
> and so gethostbyname is returning the IP address as the *first entry*
> in that list. It makes sense to me, then, that bcopy should have
> h_addr_list as its first argument.

Nice analysis. Yes, it looks to me like you've discovered a real bug
here. Someone is taking the address of what is already a pointer --
an equivalent to the fix you show would be:

    bcopy(hent->h_addr_list, &sin.sin_addr, sizeof sin.sin_addr);

which is possibly slightly clearer as to intent.

Another point in your argument would be to convert those weird IP
addresses to hexadecimal:

    188.8.131.52 = 0xa46e0f28
    184.108.40.206 = 0x846e0f28

and use gdb to compare those values with the contents of the *hent

Please do submit a PR with your analysis and a patch. It's slightly
perturbing that no-one spotted this a long time ago, but these things
happen from time to time.

Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
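
Added example, not part of the original message or of ypset's source: it contrasts copying from the address of the first h_addr_list slot with copying from the buffer that slot points to, assuming the intended source is the first entry, h_addr_list[0], as the quoted analysis describes. The hostent is constructed by hand, the function names are hypothetical, and memcpy(dst, src, n) stands in for bcopy(src, dst, n).

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a gethostbyname() result: one entry, 127.0.0.1. */
static unsigned char sample_addr[4] = { 127, 0, 0, 1 };
static char *sample_list[] = { (char *)sample_addr, NULL };

static struct hostent *sample_hostent(void)
{
    static struct hostent h;
    h.h_addrtype = AF_INET;
    h.h_length = 4;
    h.h_addr_list = sample_list;
    return &h;
}

/* Buggy: the source is the pointer slot itself, so the low bytes of a
 * pointer value land in sin_addr and look like an unrelated IP address. */
in_addr_t copy_buggy(const struct hostent *hent)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    memcpy(&sin.sin_addr, &hent->h_addr_list[0], sizeof sin.sin_addr);
    return sin.sin_addr.s_addr;
}

/* Fixed: copy from the buffer the first entry points to, after checking
 * that the entry exists and holds an IPv4 address of the expected length. */
in_addr_t copy_fixed(const struct hostent *hent)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    if (hent->h_addrtype != AF_INET || hent->h_length != (int)sizeof sin.sin_addr ||
        hent->h_addr_list == NULL || hent->h_addr_list[0] == NULL)
        return INADDR_NONE;
    memcpy(&sin.sin_addr, hent->h_addr_list[0], sizeof sin.sin_addr);
    return sin.sin_addr.s_addr;
}

int main(void)
{
    struct in_addr bad = { copy_buggy(sample_hostent()) };
    struct in_addr good = { copy_fixed(sample_hostent()) };
    printf("buggy: %s\n", inet_ntoa(bad));
    printf("fixed: %s\n", inet_ntoa(good));
    return 0;
}
```

The address printed for the buggy copy depends on where the process's data is mapped, which is why it appears as an IP unrelated to the host named on the command line.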