There is a bug in server.c that allows unauthorized IPs
to access the server. If someone adds, for instance:
10.10
to their allow file, in an effort to allow only the
10.10 network to access,
an attacker can still connect to the server from, say,
10.104.12.12 (same type of thing in deny).
The bug is on line 443 for deny and 511 for allow in
server.c; the function strstr() matches any IP that
contains part of the allow IP...
I'm also submitting a bug report... I whipped up a
little code I think/hope will work better...
for allow:
    if (strncmp(inet_ntoa(client.sin_addr), ip, strlen(ip)) == 0 &&
        (*(inet_ntoa(client.sin_addr) + strlen(ip)) == '.' ||
         !(*(inet_ntoa(client.sin_addr) + strlen(ip)) >= 48 &&
           *(inet_ntoa(client.sin_addr) + strlen(ip)) <= 57)))
    {
        perm_a = perm_a | 1;
        break;
    }
or it could be broken down into multiple if statements,
but you get the idea....
Logged In: YES
user_id=1275724
In fact, if 10.10 matches on 10.104.12.12, it's OK.
10.10. will match 10.0.0.0/16
The problem is that 10.10 will also match 172.10.10.1, 192.16.10.10, which sux.
I'm thinking of changing the format of the allow/deny file to CIDR
format:
10.10.0.1/32
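
An added example, not code from server.c or from either poster: it puts the substring test described in the report beside a CIDR comparison of the kind proposed above, using the addresses mentioned in this thread. The function names substr_match and cidr_match are hypothetical, and the CIDR check assumes IPv4 rules written as a.b.c.d/len.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration; function names are hypothetical, not from server.c. */

/* Substring test as described in the report: true if rule occurs anywhere. */
static int substr_match(const char *client, const char *rule)
{
    return strstr(client, rule) != NULL;
}

/* CIDR test: 1 if client is inside "a.b.c.d/len", 0 otherwise.
 * Malformed rules or addresses never match (fail closed). */
static int cidr_match(const char *client, const char *cidr)
{
    char net[INET_ADDRSTRLEN];
    struct in_addr caddr, naddr;
    const char *slash = strchr(cidr, '/');
    char *end;
    long len;
    uint32_t mask;

    if (slash == NULL || (size_t)(slash - cidr) >= sizeof net)
        return 0;
    memcpy(net, cidr, (size_t)(slash - cidr));
    net[slash - cidr] = '\0';

    len = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || len < 0 || len > 32)
        return 0;
    if (inet_pton(AF_INET, net, &naddr) != 1 ||
        inet_pton(AF_INET, client, &caddr) != 1)
        return 0;

    /* A shift by 32 is undefined in C, so /0 is handled separately. */
    mask = len == 0 ? 0 : htonl(0xFFFFFFFFu << (32 - len));
    return (caddr.s_addr & mask) == (naddr.s_addr & mask);
}

int main(void)
{
    const char *clients[] = { "10.10.3.4", "10.104.12.12", "172.10.10.1" };
    for (size_t i = 0; i < sizeof clients / sizeof clients[0]; i++)
        printf("%-14s strstr(\"10.10\")=%d  cidr(10.10.0.0/16)=%d\n",
               clients[i], substr_match(clients[i], "10.10"),
               cidr_match(clients[i], "10.10.0.0/16"));
    return 0;
}
```

Comparing parsed addresses under a mask removes the dependence on how the dotted string happens to be spelled, and a rule without a valid prefix length matches nothing instead of matching loosely.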