blacklist

Roy Marples Tue, 10 Mar 2020 19:13:10 -0700

Module Name:    src
Committed By:   roy
Date:           Wed Mar 11 02:12:08 UTC 2020


Modified Files:
        src/external/bsd/blacklist/bin: blacklistd.c conf.c
        src/external/bsd/blacklist/lib: bl.c

Log Message:
blacklist: Allow blacklist_sa to work with an invalid fd

fd -1 is invalid, so don't query it for protocol, port or address.

fd is supposed to represent how the client is connected, but if we are
parsing route(4) messages or log files then there is no client connection
to interogate.


To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 src/external/bsd/blacklist/bin/blacklistd.c
cvs rdiff -u -r1.26 -r1.27 src/external/bsd/blacklist/bin/conf.c
cvs rdiff -u -r1.29 -r1.30 src/external/bsd/blacklist/lib/bl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/blacklist/bin/blacklistd.c
diff -u src/external/bsd/blacklist/bin/blacklistd.c:1.40 src/external/bsd/blacklist/bin/blacklistd.c:1.41
--- src/external/bsd/blacklist/bin/blacklistd.c:1.40	Tue Mar 10 13:36:07 2020
+++ src/external/bsd/blacklist/bin/blacklistd.c	Wed Mar 11 02:12:08 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.40 2020/03/10 13:36:07 roy Exp $	*/
+/*	$NetBSD: blacklistd.c,v 1.41 2020/03/11 02:12:08 roy Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include "config.h"
 #endif
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistd.c,v 1.40 2020/03/10 13:36:07 roy Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.41 2020/03/11 02:12:08 roy Exp $");
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -119,12 +119,14 @@ getremoteaddress(bl_info_t *bi, struct s
 	*rsl = sizeof(*rss);
 	memset(rss, 0, *rsl);
 
-	if (getpeername(bi->bi_fd, (void *)rss, rsl) != -1)
-		return 0;
-
-	if (errno != ENOTCONN) {
-		(*lfun)(LOG_ERR, "getpeername failed (%m)");
-		return -1;
+	if (bi->bi_fd != -1) {
+		if (getpeername(bi->bi_fd, (void *)rss, rsl) != -1)
+			return 0;
+
+		if (errno != ENOTCONN) {
+			(*lfun)(LOG_ERR, "getpeername failed (%m)");
+			return -1;
+		}
 	}
 
 	if (bi->bi_slen == 0) {

Index: src/external/bsd/blacklist/bin/conf.c
diff -u src/external/bsd/blacklist/bin/conf.c:1.26 src/external/bsd/blacklist/bin/conf.c:1.27
--- src/external/bsd/blacklist/bin/conf.c:1.26	Tue Mar 10 13:36:07 2020
+++ src/external/bsd/blacklist/bin/conf.c	Wed Mar 11 02:12:08 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.26 2020/03/10 13:36:07 roy Exp $	*/
+/*	$NetBSD: conf.c,v 1.27 2020/03/11 02:12:08 roy Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: conf.c,v 1.26 2020/03/10 13:36:07 roy Exp $");
+__RCSID("$NetBSD: conf.c,v 1.27 2020/03/11 02:12:08 roy Exp $");
 
 #include <stdio.h>
 #ifdef HAVE_LIBUTIL_H
@@ -1009,6 +1009,14 @@ conf_find(int fd, uid_t uid, const struc
 	char buf[BUFSIZ];
 
 	memset(cr, 0, sizeof(*cr));
+
+	if (fd == -1) {
+		cr->c_proto = FSTAR;
+		cr->c_port = FSTAR;
+		memcpy(&lss, rss, sizeof(lss));
+		goto done_fd;
+	}
+
 	slen = sizeof(lss);
 	memset(&lss, 0, slen);
 	if (getsockname(fd, (void *)&lss, &slen) == -1) {
@@ -1051,6 +1059,7 @@ conf_find(int fd, uid_t uid, const struc
 		return NULL;
 	}
 
+done_fd:
 	cr->c_ss = lss;
 	cr->c_lmask = FSTAR;
 	cr->c_uid = (int)uid;

Index: src/external/bsd/blacklist/lib/bl.c
diff -u src/external/bsd/blacklist/lib/bl.c:1.29 src/external/bsd/blacklist/lib/bl.c:1.30
--- src/external/bsd/blacklist/lib/bl.c:1.29	Tue Mar 10 13:36:08 2020
+++ src/external/bsd/blacklist/lib/bl.c	Wed Mar 11 02:12:08 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bl.c,v 1.29 2020/03/10 13:36:08 roy Exp $	*/
+/*	$NetBSD: bl.c,v 1.30 2020/03/11 02:12:08 roy Exp $	*/
 
 /*-
  * Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: bl.c,v 1.29 2020/03/10 13:36:08 roy Exp $");
+__RCSID("$NetBSD: bl.c,v 1.30 2020/03/11 02:12:08 roy Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -384,7 +384,6 @@ bl_send(bl_t b, bl_type_t e, int pfd, co
 	if (bl_getsock(b, &ub.bl.bl_ss, sa, slen, ctx) == -1)
 		return -1;
 
-
 	ub.bl.bl_salen = slen;
 	memcpy(ub.bl.bl_data, ctx, ctxlen);
 
@@ -394,15 +393,17 @@ bl_send(bl_t b, bl_type_t e, int pfd, co
 	msg.msg_iovlen = 1;
 	msg.msg_flags = 0;
 
-	msg.msg_control = ua.ctrl;
-	msg.msg_controllen = sizeof(ua.ctrl);
-
-	cmsg = CMSG_FIRSTHDR(&msg);
-	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
-	cmsg->cmsg_level = SOL_SOCKET;
-	cmsg->cmsg_type = SCM_RIGHTS;
+	if (pfd != -1) {
+		msg.msg_control = ua.ctrl;
+		msg.msg_controllen = sizeof(ua.ctrl);
+
+		cmsg = CMSG_FIRSTHDR(&msg);
+		cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+		cmsg->cmsg_level = SOL_SOCKET;
+		cmsg->cmsg_type = SCM_RIGHTS;
 
-	memcpy(CMSG_DATA(cmsg), &pfd, sizeof(pfd));
+		memcpy(CMSG_DATA(cmsg), &pfd, sizeof(pfd));
+	}
 
 	tried = 0;
 again:
@@ -494,14 +495,15 @@ bl_recv(bl_t b)
 
 	}
 
-	if (got != (GOT_CRED|GOT_FD)) {
-		bl_log(b->b_fun, LOG_ERR, "message missing %s %s",
+	if (!(got & GOT_FD))
+		bi->bi_fd = -1;
+
 #if GOT_CRED != 0
-		    (got & GOT_CRED) == 0 ? "cred" :
-#endif
-		    "", (got & GOT_FD) == 0 ? "fd" : "");
+	if (!(got & GOT_CRED)) {
+		bl_log(b->b_fun, LOG_ERR, "message missing cred");
 		return NULL;
 	}
+#endif
 
 	if ((size_t)rlen <= sizeof(ub.bl)) {
 		bl_log(b->b_fun, LOG_ERR, "message too short %zd", rlen);

CVS commit: src/external/bsd/blacklist

Reply via email to