Date: Thu, 21 Dec 2023 14:24:22 GMT
Message-Id: <202312211424.3BLEOM2Q047625@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 2d5a980f43e5 - stable/13 - tcp_wrappers: recognize IPv6 addresses/prefixes
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 2d5a980f43e565355d5d174ac4737b0ca080dda2
Auto-Submitted: auto-generated

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=2d5a980f43e565355d5d174ac4737b0ca080dda2

commit 2d5a980f43e565355d5d174ac4737b0ca080dda2
Author:     Gleb Smirnoff
AuthorDate: 2023-07-20 21:56:20 +0000
Commit:     Ed Maste
CommitDate: 2023-12-21 14:23:40 +0000

    tcp_wrappers: recognize IPv6 addresses/prefixes

    Intentionally or not, but the libwrap was written in such manner that
    if your /etc/hosts.allow doesn't have any domain names, neither smart
    keywords like LOCAL or KNOWN, then it will not try to resolve the
    client address during the hosts check. This was achieved with the
    NOT_INADDR() check that matched IPv4 addresses/prefixes. Extend this
    to also skip resolve if client list token looks like IPv6.

    Reviewed by: philip, emaste
    PR: 269456
    Differential revision: https://reviews.freebsd.org/D40070

    (cherry picked from commit 1d9722de6f90c3edf286b077938bfa696e728d6c)
---
 contrib/tcp_wrappers/hosts_access.c | 3 ++-
 contrib/tcp_wrappers/tcpd.h         | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/contrib/tcp_wrappers/hosts_access.c b/contrib/tcp_wrappers/hosts_access.c
index 05c62d194091..e55f3f34dd20 100644
--- a/contrib/tcp_wrappers/hosts_access.c
+++ b/contrib/tcp_wrappers/hosts_access.c
@@ -315,7 +315,8 @@ static int host_match(char *tok, struct host_info *host) return (masked_match(tok, mask, eval_hostaddr(host))); } else { /* anything else */ return (string_match(tok, eval_hostaddr(host)) - || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host)))); + || (NOT_INADDR(tok) && NOT_INADDR6(tok) + && string_match(tok, eval_hostname(host)))); } } diff --git a/contrib/tcp_wrappers/tcpd.h b/contrib/tcp_wrappers/tcpd.h index 1078073c8e3a..194cde378c1c 100644 --- a/contrib/tcp_wrappers/tcpd.h +++ b/contrib/tcp_wrappers/tcpd.h @@ -70,6 +70,7 @@ extern char paranoid[]; #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) +#define NOT_INADDR6(s) (strchr(s, ':') == NULL) /* Global functions. */
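
Review bot: In the hosts_access.c hunk, the "anything else" branch of host_match() carries no comment explaining that NOT_INADDR(tok) && NOT_INADDR6(tok) must stay to the left of string_match(tok, eval_hostname(host)) so that eval_hostname() is never evaluated for address-like tokens. The commit message says the point of these guards is to skip resolving the client address, so a one-line comment above the return stating that would keep a later reordering of the && chain from quietly bringing the lookup back for address-only hosts.allow rules.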
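
Review bot: In the tcpd.h hunk, NOT_INADDR6(s) is undocumented and classifies a token purely on whether it contains a ':' anywhere, which is a much looser test than the strspn() character-set check in NOT_INADDR() on the line above it. Suggest a comment stating that any token with a colon is treated as an IPv6 address or prefix and is therefore never compared against the client host name, and writing the argument as (s) inside strchr(), as HOSTNAME_KNOWN() does, so the macro stays consistent with its neighbour.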