bug in masked_match function
Tomoki
I think the right solution is to revert the patch - i've knocked up
the following test program.
testbox$ ./a.out
255.255.254.0 == addr/23
1110
Reverting old change - correct
(ALLONES atoi(slash + 1)) ^ ALLONES
1110
changing XOR to AND is incorrect
(ALLONES atoi(slash + 1)) ALLONES
1000
Best Regards
Andrew Bird (Unix Consultant)
#define ALLONES ((uint32)0x)
typedef unsigned int uint32;
print_uint32(uint32 val) {
int i;
for (i = 31 ; i = 0 ;i--) {
printf(%c, val (1 i) ? '1' : '0');
if( (i % 4) == 0 )
printf( );
}
printf(\n\n);
}
int main() {
char *string=10.0.0.0/23;
char *slash=/23;
uint32 mask;
mask =(25524) + (25516) + (2548) + 0;
printf(255.255.254.0 == addr/23\n);
print_uint32(mask);
mask = (uint32)((ALLONES atoi(slash + 1)) ^ ALLONES);
printf(Reverting old change - correct\n);
printf((ALLONES atoi(slash + 1)) ^ ALLONES\n);
print_uint32(mask);
mask = (uint32)((ALLONES atoi(slash + 1)) ALLONES);
printf(changing XOR to AND is incorrect\n);
printf((ALLONES atoi(slash + 1)) ALLONES\n);
print_uint32(mask);
}
Re: bug in masked_match function
I found this suspisious case (and described shortly in
Samba-JP), so I'll explain more.
In [EMAIL PROTECTED],
[EMAIL PROTECTED] wrote:
The masked_match function in lib/access.c is wrong.(CVS HEAD and 2_2)
This case matches if CIDR-like notation specified in hosts
allow/deny (ex. '10.0.0.0/23') only. This is not case if
specified with network/subnet mask. (ex. '10.0.0.0/255.255.254.0')
I cite more lines in lib/access.c:
33 if (strlen(slash + 1) 2) {
34 mask = interpret_addr(slash + 1);
35 } else {
36 mask = (uint32)((ALLONES atoi(slash + 1)) ^ ALLONES);
37 }
Example: hosts allow = 10.0.0.0/23
This produces following result. This isn't mask.
mask = 0111
In case '10.0.0.0/255.255.254.0', program execute line 34
and returns:
mask = 1110
I don't know why this change was made.
http://cvs.samba.org/cgi-bin/cvsweb/samba/source/lib/access.c.diff?r1=1.19.4.12r2=1.19.4.13
I think reverting change in line 36 (reverse shift
direction) or replacing '^'(XOR) to ''(AND) would solve
this case. Am I right?
Patch (I prefer replacing '^' to '') follows:
Index: lib/access.c
===
RCS file: /cvsroot/samba/source/lib/access.c,v
retrieving revision 1.35
diff -u -u -w -r1.35 access.c
--- lib/access.c12 Nov 2002 23:15:49 - 1.35
+++ lib/access.c14 Mar 2003 10:43:09 -
@@ -33,7 +33,7 @@
if (strlen(slash + 1) 2) {
mask = interpret_addr(slash + 1);
} else {
- mask = (uint32)((ALLONES atoi(slash + 1)) ^ ALLONES);
+ mask = (uint32)((ALLONES atoi(slash + 1)) ALLONES);
}
if (net == INADDR_NONE || mask == INADDR_NONE) {
Tomoki AONO ([EMAIL PROTECTED])
bug in masked_match function
Hello, I heard a following problem in Samba-JP. The masked_match function in lib/access.c is wrong.(CVS HEAD and 2_2) mask = (uint32)((ALLONES atoi(slash + 1)) ^ ALLONES); Example: hosts allow = 10.0.0.0/23 This produces following result. This isn't mask. mask = 0111 Therefore 'hosts allow' and 'hosts deny' doesn't match. I don't know why this change was made. http://cvs.samba.org/cgi-bin/cvsweb/samba/source/lib/access.c.diff?r1=1.19.4.12r2=1.19.4.13 Please check. Thanks, Yasuma Takeda [EMAIL PROTECTED]
