git: 2d5a980f43e5 - stable/13 - tcp_wrappers: recognize IPv6 addresses/prefixes

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Thu, 21 Dec 2023 14:24:22 UTC
The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=2d5a980f43e565355d5d174ac4737b0ca080dda2

commit 2d5a980f43e565355d5d174ac4737b0ca080dda2
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2023-07-20 21:56:20 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-12-21 14:23:40 +0000

    tcp_wrappers: recognize IPv6 addresses/prefixes
    
    Intentionally or not, libwrap was written in such a manner that
    if your /etc/hosts.allow doesn't have any domain names, nor smart
    keywords like LOCAL or KNOWN, then it will not try to resolve the
    client address during the hosts check.  This was achieved with the
    NOT_INADDR() check that matched IPv4 addresses/prefixes.  Extend this
    to also skip the resolve if the client list token looks like IPv6.
    
    Reviewed by:            philip, emaste
    PR:                     269456
    Differential revision:  https://reviews.freebsd.org/D40070
    
    (cherry picked from commit 1d9722de6f90c3edf286b077938bfa696e728d6c)
---
 contrib/tcp_wrappers/hosts_access.c | 3 ++-
 contrib/tcp_wrappers/tcpd.h         | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/contrib/tcp_wrappers/hosts_access.c b/contrib/tcp_wrappers/hosts_access.c
index 05c62d194091..e55f3f34dd20 100644
--- a/contrib/tcp_wrappers/hosts_access.c
+++ b/contrib/tcp_wrappers/hosts_access.c
@@ -315,7 +315,8 @@ static int host_match(char *tok, struct host_info *host)
 	return (masked_match(tok, mask, eval_hostaddr(host)));
     } else {					/* anything else */
 	return (string_match(tok, eval_hostaddr(host))
-	    || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host))));
+	    || (NOT_INADDR(tok) && NOT_INADDR6(tok)
+	     && string_match(tok, eval_hostname(host))));
     }
 }
 
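Review bot: The new condition in the "anything else" branch of host_match() carries no comment saying why eval_hostname() is guarded, so the point of the change (avoiding a resolver lookup for tokens that look like addresses) is only recoverable from the commit message. A one-line comment above the `|| (NOT_INADDR(tok) && NOT_INADDR6(tok)` clause would protect it against a later cleanup. Since both macros now have to be tested together wherever a hostname lookup is to be skipped, consider wrapping the pair in a single helper macro in tcpd.h, so that another call site cannot test NOT_INADDR() alone and reintroduce the lookup for IPv6 tokens.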
diff --git a/contrib/tcp_wrappers/tcpd.h b/contrib/tcp_wrappers/tcpd.h
index 1078073c8e3a..194cde378c1c 100644
--- a/contrib/tcp_wrappers/tcpd.h
+++ b/contrib/tcp_wrappers/tcpd.h
@@ -70,6 +70,7 @@ extern char paranoid[];
 #define	HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
 
 #define	NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
+#define	NOT_INADDR6(s) (strchr(s, ':') == NULL)
 
 /* Global functions. */
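Review bot: NOT_INADDR6() in tcpd.h is much looser than the NOT_INADDR() line directly above it: NOT_INADDR() requires the whole token to consist of address characters via strspn(), while `strchr(s, ':') == NULL` treats any token containing a colon as IPv6. A mistyped token with a stray colon is therefore never tried against the hostname and simply fails to match. That is probably acceptable because a valid hostname cannot contain ':', but the assumption should be stated in a comment next to the macro, or the check tightened to a strspn()-style test over the characters an IPv6 address or prefix can contain. As a minor style point, the argument is unparenthesized in `strchr(s, ':')`, whereas HOSTNAME_KNOWN() above uses `(s)`.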