
Patch to tighten up access control
I was going through loose ends. This seems to be the only serious one
left that I can find --- it keeps "allow from good.com" from letting
in clients from nogood.com (because the terminal substring matches);
it also cures a similar problem with IP address authentication, albeit
one which is harder to exploit.

rst

*** mod_access.c~ Tue Oct 10 18:01:50 1995
--- mod_access.c Wed Nov 8 12:59:14 1995
***************
*** 141,154 ****
int dl=strlen(domain);
int wl=strlen(what);

! if((wl-dl) >= 0)
! return(!strcmp(domain,&what[wl-dl]));
! else
return 0;
}

int in_ip(char *domain, char *what) {
! return(!strncmp(domain,what,strlen(domain)));
}

int find_allowdeny (conn_rec *c, array_header *a, int method)
--- 141,170 ----
int dl=strlen(domain);
int wl=strlen(what);

! if((wl-dl) >= 0) {
! if (strcmp(domain,&what[wl-dl]) != 0) return 0;
!
! /* Make sure we matched an *entire* subdomain --- if the user
! * said 'allow from good.com', we don't want people from nogood.com
! * to be able to get in.
! */
!
! if (wl == dl) return 1; /* matched whole thing */
! else return (domain[0] == '.' || what[wl - dl - 1] == '.');
! } else
return 0;
}

int in_ip(char *domain, char *what) {
!
! /* Check a similar screw case to the one checked above ---
! * "allow from 204.26.2" shouldn't let in people from 204.26.23
! */
!
! int l = strlen(domain);
! if (strncmp(domain,what,l) != 0) return 0;
! if (domain[l - 1] == '.') return 1;
! return (what[l] == '\0' || what[l] == '.');
}

int find_allowdeny (conn_rec *c, array_header *a, int method)
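Review bot: In the new in_ip, `domain[l - 1]` is read without first checking that `l` is non-zero, so an empty `domain` string passes the zero-length `strncmp` and then reads one byte before the buffer. Whether the configuration parser can hand in an empty spec is not visible in this hunk, but a guard such as `if (l == 0) return 0;` right after the `strlen` makes the check fail closed instead of depending on whatever byte precedes the string. Separately, the suffix test in in_domain still uses case-sensitive `strcmp`, although hostnames are case-insensitive. A `deny from` entry may therefore miss a resolved name that differs only in case, unless the caller lower-cases both sides, which should be confirmed. The opening lines of in_domain are outside the hunk.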