Attachment #7066 for bug #15575

View | Details | Raw Unified | Return to bug 15575
Collapse All | Expand All




--- sockd/sockd_io.c.orig	Thu Sep  2 12:53:05 1999
+++ sockd/sockd_io.c	Sun Dec 19 21:37:35 1999
@@ -44,7 +44,7 @@
 #include "common.h"
 
 static const char rcsid[] =
-"$Id: sockd_io.c,v 1.159 1999/09/02 10:42:04 michaels Exp $";
+"$Id: sockd_io.c,v 1.162 1999/12/16 09:01:25 michaels Exp $";
 
 /*
  * Accept io objects from mother and does io on them.  We never
@@ -819,8 +819,8 @@
 
 				/*
 				 * If client hasn't sent us it's address yet we have to
-				 * assume the first packet is from is it.  Client can only
-				 * blame itself if not.
+				 * assume the first packet is from is it.
+				 * Client can only blame itself if not.
 				 */
 				if (io->in.raddr.sin_addr.s_addr == htonl(INADDR_ANY)
 				||  io->in.raddr.sin_port == htons(0)) {
@@ -836,30 +836,19 @@
 					
 					/* LINTED pointer casts may be troublesome */
 					sockaddr2sockshost((struct sockaddr *)&io->in.raddr, &io->src);
-
-					/*
-					 * Do a rulecheck here with destination set to NULL, 
-					 * if that isn't permitted nothing else is either from
-					 * this source so disconnect it.
-					 */
-					if (!rulespermit(io->in.s, &io->rule, &io->state, &io->src,
-					NULL)) {
-						delete_io(mother, io, io->in.s, IO_SRCBLOCK);
-						return;
-					}
 				}
 
 				/*
-				 * When we receive the first packet we also have a fixed
-				 * source so connect the socket, both for better performance
-				 * and so that getpeername() will work on it, for
-				 * libwrap/rulespermit(). 
+				 * When we receive the first packet we also have a fixed source
+				 * so connect the socket, both for better performance and so
+				 * that getpeername() will work on it (libwrap/rulespermit()). 
 				 */
-				if (io->in.read == 0) { /* could happend more than once, but ok. */
+				if (io->in.read == 0) { /* could happen more than once, but ok. */
 					/* LINTED pointer casts may be troublesome */
 					if (!sockaddrareeq((struct sockaddr *)&io->in.raddr, &from)) {
 						char src[MAXSOCKADDRSTRING], dst[MAXSOCKADDRSTRING];
 
+						/* perhaps this should be LOG_DEBUG. */
 						slog(LOG_NOTICE,
 						"%s(0): %s: expected from %s, got it from %s",
 						VERDICT_BLOCKs, protocol2string(io->state.protocol),
@@ -871,6 +860,17 @@
 
 					if (connect(io->in.s, &from, sizeof(from)) != 0) {
 						delete_io(mother, io, io->in.s, IO_ERROR);
+						return;
+					}
+
+					/*
+					 * Do a rulecheck here with destination set to NULL.
+					 * If that isn't permitted nothing else is either from
+					 * this source so might as well disconnect it.
+					 */
+					if (!rulespermit(io->in.s, &io->rule, &io->state, &io->src,
+					NULL)) {
+						delete_io(mother, io, io->in.s, IO_SRCBLOCK);
 						return;
 					}
 				}

Return to bug 15575

Line 0 Link Here

(-)dante/patches/patch-aa (+76 lines)
		1	--- sockd/sockd_io.c.orig Thu Sep 2 12:53:05 1999
		2	+++ sockd/sockd_io.c Sun Dec 19 21:37:35 1999
		3	@@ -44,7 +44,7 @@
		4	#include "common.h"
		5
		6	static const char rcsid[] =
		7	-"$Id: sockd_io.c,v 1.159 1999/09/02 10:42:04 michaels Exp $";
		8	+"$Id: sockd_io.c,v 1.162 1999/12/16 09:01:25 michaels Exp $";
		9
		10	/*
		11	* Accept io objects from mother and does io on them. We never
		12	@@ -819,8 +819,8 @@
		13
		14	/*
		15	* If client hasn't sent us it's address yet we have to
		16	- * assume the first packet is from is it. Client can only
		17	- * blame itself if not.
		18	+ * assume the first packet is from is it.
		19	+ * Client can only blame itself if not.
		20	*/
		21	if (io->in.raddr.sin_addr.s_addr == htonl(INADDR_ANY)
		22	\|\| io->in.raddr.sin_port == htons(0)) {
		23	@@ -836,30 +836,19 @@
		24
		25	/* LINTED pointer casts may be troublesome */
		26	sockaddr2sockshost((struct sockaddr *)&io->in.raddr, &io->src);
		27	-
		28	- /*
		29	- * Do a rulecheck here with destination set to NULL,
		30	- * if that isn't permitted nothing else is either from
		31	- * this source so disconnect it.
		32	- */
		33	- if (!rulespermit(io->in.s, &io->rule, &io->state, &io->src,
		34	- NULL)) {
		35	- delete_io(mother, io, io->in.s, IO_SRCBLOCK);
		36	- return;
		37	- }
		38	}
		39
		40	/*
		41	- * When we receive the first packet we also have a fixed
		42	- * source so connect the socket, both for better performance
		43	- * and so that getpeername() will work on it, for
		44	- * libwrap/rulespermit().
		45	+ * When we receive the first packet we also have a fixed source
		46	+ * so connect the socket, both for better performance and so
		47	+ * that getpeername() will work on it (libwrap/rulespermit()).
		48	*/
		49	- if (io->in.read == 0) { /* could happend more than once, but ok. */
		50	+ if (io->in.read == 0) { /* could happen more than once, but ok. */
		51	/* LINTED pointer casts may be troublesome */
		52	if (!sockaddrareeq((struct sockaddr *)&io->in.raddr, &from)) {
		53	char src[MAXSOCKADDRSTRING], dst[MAXSOCKADDRSTRING];
		54
		55	+ /* perhaps this should be LOG_DEBUG. */
		56	slog(LOG_NOTICE,
		57	"%s(0): %s: expected from %s, got it from %s",
		58	VERDICT_BLOCKs, protocol2string(io->state.protocol),
		59	@@ -871,6 +860,17 @@
		60
		61	if (connect(io->in.s, &from, sizeof(from)) != 0) {
		62	delete_io(mother, io, io->in.s, IO_ERROR);
		63	+ return;
		64	+ }
65	+
66	+ /*
67	+ * Do a rulecheck here with destination set to NULL.
68	+ * If that isn't permitted nothing else is either from
69	+ * this source so might as well disconnect it.
70	+ */
71	+ if (!rulespermit(io->in.s, &io->rule, &io->state, &io->src,
72	+ NULL)) {
73	+ delete_io(mother, io, io->in.s, IO_SRCBLOCK);
74	return;
75	}
76	}