CIDR notation bug (round 3?) (Re: CVS update: samba/source/lib)

aono at cc.osaka-kyoiku.ac.jp aono at cc.osaka-kyoiku.ac.jp
Fri Apr 25 14:59:57 GMT 2003


I am subscribed to the digest list, so this reply is against
"samba-cvs Digest, Vol 4, Issue 50". (And sorry for the late
reply and for my limited knowledge.)

In <20030419120433.2CBC32C49B at lists.samba.org>,
samba-cvs-request at lists.samba.org wrote:

>> Date:	Fri Apr 18 14:56:29 2003
>> Author:	jerry
>> 
>> Update of /data/cvs/samba/source/lib
>> In directory dp.samba.org:/tmp/cvs-serv2346/lib
>> 
>> Modified Files:
>> 	access.c 
>> Log Message:
>> fix byte ordering when using CIDR notation in hosts allow/deny; spotted by Eloy Paris

The previous fix was (kindly) merged into samba-2.2.7b-ja-1.0 (==
2.2.7a + the two recent security fixes + enhancements for Japanese
characters + other cleanup). After this release I heard
(on the samba-jp mailing list) that it cannot work on the x86 platform.
After some thought inspired by a follow-up mail (and a simple
test), we need to change the byte order in this case.

But I think the location of htonl() in the recent commit (1.37
etc.) is wrong. (E.g. 192.168.0.0/255.255.255.0 may not
match host 192.168.0.1 on some platforms (including x86).)
I found similar code in interpret_interface() in
lib/interface.c, so a (more) correct fix is:

Index: lib/access.c
===================================================================
RCS file: /cvsroot/samba/source/lib/access.c,v
retrieving revision 1.37
diff -u -u -w -r1.37 access.c
--- lib/access.c	18 Apr 2003 14:56:29 -0000	1.37
+++ lib/access.c	25 Apr 2003 05:37:25 -0000
@@ -33,17 +33,13 @@
         if (strlen(slash + 1) > 2) {
                 mask = interpret_addr(slash + 1);
         } else {
-		mask = (uint32)((ALLONES >> atoi(slash + 1)) ^ ALLONES);
+		mask = htonl((uint32) ((ALLONES >> atoi(slash + 1)) ^ ALLONES));
         }
 
 	if (net == INADDR_NONE || mask == INADDR_NONE) {
 		DEBUG(0,("access: bad net/mask access control: %s\n", tok));
 		return (False);
 	}
-	
-	/* convert to network byte order */
-	mask = htonl(mask);
-	
 	return ((addr & mask) == net);
 }
 
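Review bot: atoi(slash + 1) on the changed line still feeds the shift count without any range check, so a suffix such as "/32", "/99" or "/-1" reaches ALLONES >> n unvalidated; if ALLONES is a 32-bit value, a count of 32 or more (or a negative one) is undefined behaviour in C, and the resulting mask decides a hosts allow/deny match. Suggest parsing the prefix length with strtol, rejecting anything outside the supported range through the existing "bad net/mask" DEBUG path, and handling /32 explicitly. Separately, the removed "convert to network byte order" comment was the only hint about byte order here; a short comment on the new htonl() line saying that the interpret_addr() branch is already in network order while the prefix-length branch is computed in host order would make it less likely that this gets "fixed" a fourth time.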

I hope this is the last fix in this area ...
----
Tomoki AONO	(aono at cc.osaka-kyoiku.ac.jp)
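
The byte-order point made in the message above, as an added example that is not part of the original mail or of Samba's code: the mask check is run with htonl() applied to every mask (as in revision 1.37) and with htonl() applied only on the prefix-length branch (as in the patch). The names masked_match_demo and late_htonl are hypothetical, and inet_addr() is assumed as a stand-in for interpret_addr().

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALLONES ((uint32_t)0xFFFFFFFF)

/* Hypothetical stand-in for the mask check patched in lib/access.c;
 * inet_addr() replaces interpret_addr() and returns network byte order.
 * late_htonl=1: htonl() applied to every mask, as in revision 1.37.
 * late_htonl=0: htonl() only on the prefix-length branch, as in the patch. */
int masked_match_demo(const char *tok, const char *host, int late_htonl)
{
    char buf[64];
    char *slash;
    uint32_t net, mask, addr;

    if (strlen(tok) >= sizeof(buf))
        return 0;
    strcpy(buf, tok);
    if ((slash = strchr(buf, '/')) == NULL)
        return 0;
    *slash = '\0';
    net = inet_addr(buf);
    addr = inet_addr(host);
    if (strlen(slash + 1) > 2) {
        mask = inet_addr(slash + 1);        /* already network order */
    } else {
        int bits = atoi(slash + 1);
        if (bits < 1 || bits > 31)          /* demo guard: keep the shift defined */
            return 0;
        mask = (ALLONES >> bits) ^ ALLONES; /* host order */
        if (!late_htonl)
            mask = htonl(mask);
    }
    if (net == INADDR_NONE || mask == INADDR_NONE || addr == INADDR_NONE)
        return 0;
    if (late_htonl)
        mask = htonl(mask);
    return (addr & mask) == net;
}

int main(void)
{
    const char *rules[] = { "192.168.0.0/24", "192.168.0.0/255.255.255.0" };
    for (int i = 0; i < 2; i++)
        printf("%-26s rev1.37=%d patched=%d\n", rules[i],
               masked_match_demo(rules[i], "192.168.0.1", 1),
               masked_match_demo(rules[i], "192.168.0.1", 0));
    return 0;
}
```

On a little-endian host the dotted-mask rule fails to match under the revision 1.37 ordering, while both rule forms match under the patched ordering; on a big-endian host htonl() is a no-op and the difference does not show.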

