bug in masked_match function
Tomoki AONO
aono at cc.osaka-kyoiku.ac.jp
Fri Mar 14 20:24:21 GMT 2003
I found this suspicious case (and described it briefly in
Samba-JP), so I'll explain more.
In <20030310164748.6f0dacc2.yasuma at miraclelinux.com>,
yasuma at miraclelinux.com wrote:
>> The masked_match function in lib/access.c is wrong.(CVS HEAD and 2_2)
This case applies only if CIDR-like notation is specified in hosts
allow/deny (e.g. '10.0.0.0/23'). This is not the case if it is
specified as <network>/<subnet mask> (e.g. '10.0.0.0/255.255.254.0').
I cite more lines in lib/access.c:
33 if (strlen(slash + 1) > 2) {
34 mask = interpret_addr(slash + 1);
35 } else {
36 mask = (uint32)((ALLONES << atoi(slash + 1)) ^ ALLONES);
37 }
>> Example: hosts allow = 10.0.0.0/23
>>
>> This produces following result. This isn't mask.
>> mask = 0000 0000 0111 1111 1111 1111 1111 1111
In the case of '10.0.0.0/255.255.254.0', the program executes line 34
and returns:
mask = 1111 1111 1111 1111 1111 1110 0000 0000
>> I don't know why this change was made.
>> http://cvs.samba.org/cgi-bin/cvsweb/samba/source/lib/access.c.diff?r1=1.19.4.12&r2=1.19.4.13
I think reverting the change in line 36 (reversing the shift
direction) or replacing '^' (XOR) with '&' (AND) would solve
this case. Am I right?
Patch (I prefer replacing '^' with '&') follows:
Index: lib/access.c
===================================================================
RCS file: /cvsroot/samba/source/lib/access.c,v
retrieving revision 1.35
diff -u -u -w -r1.35 access.c
--- lib/access.c 12 Nov 2002 23:15:49 -0000 1.35
+++ lib/access.c 14 Mar 2003 10:43:09 -0000
@@ -33,7 +33,7 @@
if (strlen(slash + 1) > 2) {
mask = interpret_addr(slash + 1);
} else {
- mask = (uint32)((ALLONES << atoi(slash + 1)) ^ ALLONES);
+ mask = (uint32)((ALLONES << atoi(slash + 1)) & ALLONES);
}
if (net == INADDR_NONE || mask == INADDR_NONE) {
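Review bot: the replacement expression on the '+' line still does not produce a prefix mask. '(ALLONES << atoi(slash + 1)) & ALLONES' reduces to 'ALLONES << n', since ANDing with ALLONES changes nothing (taking ALLONES to be 32 one-bits, as its name suggests); for '/23' that is 9 leading one-bits followed by 23 zeros, not the 23 leading ones the message shows the interpret_addr branch returning for 255.255.254.0. Consider shifting by '32 - n' and confirming the result is in the same byte order as the value from interpret_addr. The atoi result is also used unchecked: the 'strlen(slash + 1) > 2' test still lets through two-character values such as '99' or '-1', and a shift count that is negative or 32 and above is undefined in C, so range-check it to 0..32 before shifting and treat 0 and 32 explicitly.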
----
Tomoki AONO (aono at cc.osaka-kyoiku.ac.jp)
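
The mask arithmetic discussed in this message can be checked in isolation. The program below is an added example, not code from the original post or from Samba: it evaluates the XOR expression cited as line 36, the AND expression from the patch, and a reference prefix mask for /23, then runs a membership test with each. ALLONES is assumed to be 0xFFFFFFFF, all values are kept in host byte order, and prefix_to_mask, quad, in_net and the two sample addresses are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ALLONES 0xFFFFFFFFu /* assumption: 32 one-bits, as the name suggests */

/* Expression cited as line 36 of lib/access.c; valid for n in 0..31. */
static uint32_t mask_xor(unsigned n) { return (ALLONES << n) ^ ALLONES; }

/* Expression from the patch in the message; valid for n in 0..31. */
static uint32_t mask_and(unsigned n) { return (ALLONES << n) & ALLONES; }

/* Reference (hypothetical helper): n leading one-bits, host byte order.
 * Returns 0 on success, -1 if n is not a valid IPv4 prefix length. */
static int prefix_to_mask(unsigned n, uint32_t *out)
{
    if (n > 32)
        return -1;
    *out = (n == 0) ? 0 : (ALLONES << (32 - n)); /* never shift by 32 */
    return 0;
}

/* Pack a dotted quad into a host-order 32-bit value. */
static uint32_t quad(uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Network membership test of the kind an allow/deny rule performs. */
static int in_net(uint32_t addr, uint32_t net, uint32_t mask)
{
    return (addr & mask) == (net & mask);
}

int main(void)
{
    uint32_t net = quad(10, 0, 0, 0), ref = 0;
    uint32_t inside = quad(10, 0, 1, 5);   /* constructed: within 10.0.0.0/23 */
    uint32_t outside = quad(10, 64, 0, 1); /* constructed: outside 10.0.0.0/23 */
    uint32_t m[3];
    const char *name[3] = { "xor", "and", "ref" };

    prefix_to_mask(23, &ref);
    m[0] = mask_xor(23); m[1] = mask_and(23); m[2] = ref;
    for (int i = 0; i < 3; i++)
        printf("%s mask=0x%08X inside=%d outside=%d\n", name[i], (unsigned)m[i],
               in_net(inside, net, m[i]), in_net(outside, net, m[i]));
    return 0;
}
```

In this host-order model only the reference mask admits the in-range address and rejects the out-of-range one; a caller comparing against addresses in network byte order would additionally convert the mask with htonl().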