authorolgeni <olgeni@FreeBSD.org>2010-12-23 23:02:17 +0800
committerolgeni <olgeni@FreeBSD.org>2010-12-23 23:02:17 +0800
commitf0a22d1966a5d109486926566a605005fcf514f1 (patch)
tree3f08d7c2c18423be2e4b6b95d53a18d6a21badbd /lang
parenta553cb157fe15f7193c726eb34f865a14528e410 (diff)
In FreeBSD jails, the source and destination addresses of connections
to localhost are changed to be the IP address of the jail. Consider connections from the host's IP address to itself (i.e., the source and destination addresses match) to be local for the access control checks.

Reported by: <tom diogunix com>
Obtained from: Michael Santos <michael santos gmail com>
Diffstat (limited to 'lang')
-rw-r--r--lang/erlang/Makefile1
-rw-r--r--lang/erlang/files/patch-erts_epmd_src_epmd__srv.c33
-rw-r--r--lang/erlang14/Makefile1
-rw-r--r--lang/erlang14/files/patch-erts_epmd_src_epmd__srv.c33
4 files changed, 68 insertions, 0 deletions
diff --git a/lang/erlang/Makefile b/lang/erlang/Makefile
index 0d30e987a32f..a30b5f131447 100644
--- a/lang/erlang/Makefile
+++ b/lang/erlang/Makefile
@@ -7,6 +7,7 @@
PORTNAME= erlang
PORTVERSION= r14b01
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= lang parallel java
MASTER_SITES= http://www.erlang.org/download/:erlangorg \
diff --git a/lang/erlang/files/patch-erts_epmd_src_epmd__srv.c b/lang/erlang/files/patch-erts_epmd_src_epmd__srv.c
new file mode 100644
index 000000000000..bd4fb7f76bde
--- /dev/null
+++ b/lang/erlang/files/patch-erts_epmd_src_epmd__srv.c
@@ -0,0 +1,33 @@
+
+$FreeBSD$
+
+--- erts/epmd/src/epmd_srv.c.orig
++++ erts/epmd/src/epmd_srv.c
+@@ -736,6 +736,7 @@
+ for (i = 0; i < g->max_conn; i++) {
+ if (g->conn[i].open == EPMD_FALSE) {
+ struct sockaddr_in si;
++ struct sockaddr_in di;
+ #ifdef HAVE_SOCKLEN_T
+ socklen_t st;
+ #else
+@@ -756,12 +757,16 @@
+ /* Determine if connection is from localhost */
+ if (getpeername(s->fd,(struct sockaddr*) &si,&st) ||
+ st < sizeof(si)) {
+- /* Failure to get peername is regarder as non local host */
++ /* Failure to get peername is regarded as non local host */
+ s->local_peer = EPMD_FALSE;
+ } else {
++ /* Only 127.x.x.x and connections from the host's IP address
++ allowed, no false positives */
+ s->local_peer =
+- ((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) ==
+- 0x7F000000U); /* Only 127.x.x.x allowed, no false positives */
++ (((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) ==
++ 0x7F000000U) ||
++ (getsockname(s->fd,(struct sockaddr*) &di,&st) ?
++ EPMD_FALSE : si.sin_addr.s_addr == di.sin_addr.s_addr));
+ }
+ dbg_tty_printf(g,2,(s->local_peer) ? "Local peer connected" :
+ "Non-local peer connected");
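Review bot: In the patched epmd_srv.c, the new `getsockname(s->fd,(struct sockaddr*) &di,&st)` call reuses `st` exactly as `getpeername` left it, and unlike the `getpeername` branch it never checks the length that comes back. `st` is a value-result argument, so it should be reset with `st = sizeof(di);` immediately before the call, and a result with `st < sizeof(di)` should be treated as non-local, as the existing `st < sizeof(si)` test already does; that probably means hoisting the call out of the `?:` expression. The comparison also assumes both addresses are AF_INET, which the visible lines do not verify. Because `local_peer` drives the access-control decision, the comment `no false positives` deserves a qualifier: any peer whose address equals the socket's local address is now trusted, which presumably includes other jails sharing that address. The enclosing function begins and ends outside the hunk, and the identical patch under lang/erlang14 needs the same change.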
diff --git a/lang/erlang14/Makefile b/lang/erlang14/Makefile
index 0d30e987a32f..a30b5f131447 100644
--- a/lang/erlang14/Makefile
+++ b/lang/erlang14/Makefile
@@ -7,6 +7,7 @@
PORTNAME= erlang
PORTVERSION= r14b01
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= lang parallel java
MASTER_SITES= http://www.erlang.org/download/:erlangorg \
diff --git a/lang/erlang14/files/patch-erts_epmd_src_epmd__srv.c b/lang/erlang14/files/patch-erts_epmd_src_epmd__srv.c
new file mode 100644
index 000000000000..bd4fb7f76bde
--- /dev/null
+++ b/lang/erlang14/files/patch-erts_epmd_src_epmd__srv.c
@@ -0,0 +1,33 @@
+
+$FreeBSD$
+
+--- erts/epmd/src/epmd_srv.c.orig
++++ erts/epmd/src/epmd_srv.c
+@@ -736,6 +736,7 @@
+ for (i = 0; i < g->max_conn; i++) {
+ if (g->conn[i].open == EPMD_FALSE) {
+ struct sockaddr_in si;
++ struct sockaddr_in di;
+ #ifdef HAVE_SOCKLEN_T
+ socklen_t st;
+ #else
+@@ -756,12 +757,16 @@
+ /* Determine if connection is from localhost */
+ if (getpeername(s->fd,(struct sockaddr*) &si,&st) ||
+ st < sizeof(si)) {
+- /* Failure to get peername is regarder as non local host */
++ /* Failure to get peername is regarded as non local host */
+ s->local_peer = EPMD_FALSE;
+ } else {
++ /* Only 127.x.x.x and connections from the host's IP address
++ allowed, no false positives */
+ s->local_peer =
+- ((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) ==
+- 0x7F000000U); /* Only 127.x.x.x allowed, no false positives */
++ (((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) ==
++ 0x7F000000U) ||
++ (getsockname(s->fd,(struct sockaddr*) &di,&st) ?
++ EPMD_FALSE : si.sin_addr.s_addr == di.sin_addr.s_addr));
+ }
+ dbg_tty_printf(g,2,(s->local_peer) ? "Local peer connected" :
+ "Non-local peer connected");