diff options
author | olgeni <olgeni@FreeBSD.org> | 2010-12-23 23:02:17 +0800 |
---|---|---|
committer | olgeni <olgeni@FreeBSD.org> | 2010-12-23 23:02:17 +0800 |
commit | f0a22d1966a5d109486926566a605005fcf514f1 (patch) | |
tree | 3f08d7c2c18423be2e4b6b95d53a18d6a21badbd /lang | |
parent | a553cb157fe15f7193c726eb34f865a14528e410 (diff) | |
download | freebsd-ports-gnome-f0a22d1966a5d109486926566a605005fcf514f1.tar.gz freebsd-ports-gnome-f0a22d1966a5d109486926566a605005fcf514f1.tar.zst freebsd-ports-gnome-f0a22d1966a5d109486926566a605005fcf514f1.zip |
In FreeBSD jails, the source and destination address of connections
to localhost are changed to be the IP address of the jail.
Consider connections from the host's IP address to itself (e.g., the
source and destination address match) to be local for the access
control checks.
Reported by: <tom diogunix com>
Obtained from: Michael Santos <michael santos gmail com>
Diffstat (limited to 'lang')
-rw-r--r-- | lang/erlang/Makefile | 1 | ||||
-rw-r--r-- | lang/erlang/files/patch-erts_epmd_src_epmd__srv.c | 33 | ||||
-rw-r--r-- | lang/erlang14/Makefile | 1 | ||||
-rw-r--r-- | lang/erlang14/files/patch-erts_epmd_src_epmd__srv.c | 33 |
4 files changed, 68 insertions, 0 deletions
diff --git a/lang/erlang/Makefile b/lang/erlang/Makefile index 0d30e987a32f..a30b5f131447 100644 --- a/lang/erlang/Makefile +++ b/lang/erlang/Makefile @@ -7,6 +7,7 @@ PORTNAME= erlang PORTVERSION= r14b01 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= lang parallel java MASTER_SITES= http://www.erlang.org/download/:erlangorg \ diff --git a/lang/erlang/files/patch-erts_epmd_src_epmd__srv.c b/lang/erlang/files/patch-erts_epmd_src_epmd__srv.c new file mode 100644 index 000000000000..bd4fb7f76bde --- /dev/null +++ b/lang/erlang/files/patch-erts_epmd_src_epmd__srv.c @@ -0,0 +1,33 @@ + +$FreeBSD$ + +--- erts/epmd/src/epmd_srv.c.orig ++++ erts/epmd/src/epmd_srv.c +@@ -736,6 +736,7 @@ + for (i = 0; i < g->max_conn; i++) { + if (g->conn[i].open == EPMD_FALSE) { + struct sockaddr_in si; ++ struct sockaddr_in di; + #ifdef HAVE_SOCKLEN_T + socklen_t st; + #else +@@ -756,12 +757,16 @@ + /* Determine if connection is from localhost */ + if (getpeername(s->fd,(struct sockaddr*) &si,&st) || + st < sizeof(si)) { +- /* Failure to get peername is regarder as non local host */ ++ /* Failure to get peername is regarded as non local host */ + s->local_peer = EPMD_FALSE; + } else { ++ /* Only 127.x.x.x and connections from the host's IP address ++ allowed, no false positives */ + s->local_peer = +- ((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) == +- 0x7F000000U); /* Only 127.x.x.x allowed, no false positives */ ++ (((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) == ++ 0x7F000000U) || ++ (getsockname(s->fd,(struct sockaddr*) &di,&st) ? ++ EPMD_FALSE : si.sin_addr.s_addr == di.sin_addr.s_addr)); + } + dbg_tty_printf(g,2,(s->local_peer) ? "Local peer connected" : + "Non-local peer connected"); diff --git a/lang/erlang14/Makefile b/lang/erlang14/Makefile index 0d30e987a32f..a30b5f131447 100644 --- a/lang/erlang14/Makefile +++ b/lang/erlang14/Makefile @@ -7,6 +7,7 @@ PORTNAME= erlang PORTVERSION= r14b01 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= lang parallel java MASTER_SITES= http://www.erlang.org/download/:erlangorg \ diff --git a/lang/erlang14/files/patch-erts_epmd_src_epmd__srv.c b/lang/erlang14/files/patch-erts_epmd_src_epmd__srv.c new file mode 100644 index 000000000000..bd4fb7f76bde --- /dev/null +++ b/lang/erlang14/files/patch-erts_epmd_src_epmd__srv.c @@ -0,0 +1,33 @@ + +$FreeBSD$ + +--- erts/epmd/src/epmd_srv.c.orig ++++ erts/epmd/src/epmd_srv.c +@@ -736,6 +736,7 @@ + for (i = 0; i < g->max_conn; i++) { + if (g->conn[i].open == EPMD_FALSE) { + struct sockaddr_in si; ++ struct sockaddr_in di; + #ifdef HAVE_SOCKLEN_T + socklen_t st; + #else +@@ -756,12 +757,16 @@ + /* Determine if connection is from localhost */ + if (getpeername(s->fd,(struct sockaddr*) &si,&st) || + st < sizeof(si)) { +- /* Failure to get peername is regarder as non local host */ ++ /* Failure to get peername is regarded as non local host */ + s->local_peer = EPMD_FALSE; + } else { ++ /* Only 127.x.x.x and connections from the host's IP address ++ allowed, no false positives */ + s->local_peer = +- ((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) == +- 0x7F000000U); /* Only 127.x.x.x allowed, no false positives */ ++ (((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) == ++ 0x7F000000U) || ++ (getsockname(s->fd,(struct sockaddr*) &di,&st) ? ++ EPMD_FALSE : si.sin_addr.s_addr == di.sin_addr.s_addr)); + } + dbg_tty_printf(g,2,(s->local_peer) ? "Local peer connected" : + "Non-local peer connected"); |