[1152] in Kerberos-V5-bugs
krb5b4pl3: appl/bsd/kcmd.c should try inet_addr and reverse resolve
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Tue Mar 14 10:37:09 1995
From: "Jonathan I. Kamens" <jik@cam.ov.com>
Date: Tue, 14 Mar 1995 10:40:14 -0500
To: krb5-bugs@MIT.EDU
appl/bsd/kcmd.c should call inet_addr, in case a dotted quad was
specified, because not all platforms do inet_addr automatically inside
gethostbyname.
Furthermore, it should reverse-resolve the address it gets from
gethostbyname, for the reasons explained in the comment in the patch
below.
--- appl/bsd/kcmd.c 1995/03/09 19:37:04 1.1
+++ appl/bsd/kcmd.c 1995/03/13 23:05:47 1.2.1.1
@@ -97,8 +97,9 @@
char c;
int lport = START_PORT;
struct hostent *hp;
+ unsigned long addr;
int rc;
- char *host_save;
+ char *host_save, *addr_save;
krb5_error_code status;
krb5_error *err_ret;
krb5_ap_rep_enc_part *rep_ret;
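Review bot: Declaring `addr` as `unsigned long` makes the next hunk's `(addr = inet_addr(*ahost)) == -1` test and its `sizeof(unsigned long)` length argument correct only where long is 32 bits. Where long is 64 bits and inet_addr() returns a 32-bit value, the failure value widens to 0x00000000ffffffff and never compares equal to -1, so a plain host name would never reach gethostbyname(), and gethostbyaddr() is handed an 8-byte length for an AF_INET address. Holding the result in a `struct in_addr` avoids both problems: `struct in_addr addr;`, `if ((addr.s_addr = inet_addr(*ahost)) == INADDR_NONE)` and `gethostbyaddr((char *) &addr, sizeof(addr), AF_INET)`, substituting the platform's documented failure value if INADDR_NONE is not defined there. The enclosing function starts and ends outside both hunks.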
@@ -111,12 +112,45 @@
krb5_flags options = authopts;
pid = getpid();
- hp = gethostbyname(*ahost);
- if (hp == 0) {
- fprintf(stderr, "%s: unknown host\n", *ahost);
+
+ /*
+ * Try to parse the host name as an address. If that fails, then
+ * try to resolve it as a host name. On the other hand, if it
+ * succeeds, then try to resolve the resulting parsed address. If
+ * either resolving as a host name or resolving as a parsed
+ * address succeeds, then reverse-resolve the resulting address.
+ * The reverse resolution is for security resolutions, as well as
+ * to guarantee that we've actually got a canonical name to look
+ * up in the Kerbeos database (necessary for systems such as
+ * Solaris, which don't fully qualify names returned by
+ * gethostbyname and gethostbyaddr).
+ */
+ if ((addr = inet_addr(*ahost)) == -1)
+ hp = gethostbyname(*ahost);
+ else
+ hp = gethostbyaddr((char *) &addr, sizeof(unsigned long), AF_INET);
+ if (! hp) {
+ fprintf(stderr, "kcmd: Unknown host: %s\n", *ahost);
return (-1);
}
-
+
+ /*
+ * The memory pointed to by hp is static, and is used by the
+ * gethostbyaddr call, so we need to copy the address we're
+ * resolving before we call gethostbyaddr.
+ */
+ if (! (addr_save = malloc(hp->h_length))) {
+ fprintf(stderr, "kcmd: no memory\n");
+ return(-1);
+ }
+ memcpy(addr_save, hp->h_addr_list[0], hp->h_length);
+ if ((hp = gethostbyaddr(addr_save, hp->h_length, AF_INET)) == 0) {
+ krb5_xfree(addr_save);
+ fprintf(stderr, "kcmd: cannot reverse resolve %s\n", *ahost);
+ return (-1);
+ }
+ krb5_xfree(addr_save);
+
host_save = malloc(strlen(hp->h_name) + 1);
if ( host_save == (char *) 0){
fprintf(stderr,"kcmd: no memory\n");
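Review bot: The name returned by the second gethostbyaddr() is accepted without checking that it resolves back to addr_save, yet the comment says it becomes the canonical name looked up in the Kerberos database, so whoever controls the reverse zone for that address chooses the name. A forward confirmation after the host_save copy (which continues outside the hunk) closes that gap. It needs addr_save kept alive until then and two new locals, `addr_len` and `i`. It also assumes later code only needs hp to describe the confirmed host, which is not visible here. In the comment, "security resolutions" and "Kerbeos" read as typos for "security reasons" and "Kerberos".

```c
    /* … unchanged: addr_save allocation and memcpy … */
    addr_len = hp->h_length;
    if ((hp = gethostbyaddr(addr_save, addr_len, AF_INET)) == 0) {
        /* … unchanged: free addr_save, report, return -1 … */
    }
    /* addr_save is no longer freed here; the forward check below still needs it */

    /* … unchanged: host_save allocation and copy of hp->h_name … */

    /*
     * Forward-confirm the reverse-resolved name: accept it only if it
     * maps back to the address we looked up.
     */
    hp = gethostbyname(host_save);
    for (i = 0; hp && hp->h_addr_list[i]; i++) {
        if (hp->h_length == addr_len &&
            memcmp(hp->h_addr_list[i], addr_save, addr_len) == 0)
            break;
    }
    if (!hp || !hp->h_addr_list[i]) {
        fprintf(stderr, "kcmd: %s does not resolve back to its address\n",
                host_save);
        krb5_xfree(addr_save);
        free(host_save);
        return (-1);
    }
    krb5_xfree(addr_save);
```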