author | 2018-04-26 12:48:10 +0000 | |
---|---|---|
committer | 2018-04-26 12:48:10 +0000 | |
commit | eda2877a92c02290da574cd1c47b4f6b00e057d7 (patch) | |
tree | 8a521c3104fd9cfced0f4c74797b9a86b875a1e9 | |
parent | Reorder trapframe/intrframe to put %rbp next to %rip and make it (diff) | |
Do not call getnetbyname(3) when parsing securenet(5) and ypserv.acl(5).
If anybody still uses these files, specify networks with numbers in there.
This is part of the project to delete /etc/networks support.
OK deraadt@
-rw-r--r-- | usr.sbin/ypserv/ypserv/acl.c | 48 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv/ypserv.acl | 8 |
2 files changed, 13 insertions, 43 deletions
diff --git a/usr.sbin/ypserv/ypserv/acl.c b/usr.sbin/ypserv/ypserv/acl.c
index 468945bb4a9..75d8a7ee8de 100644
--- a/usr.sbin/ypserv/ypserv/acl.c
+++ b/usr.sbin/ypserv/ypserv/acl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: acl.c,v 1.15 2013/12/04 02:18:05 deraadt Exp $ */
+/* $OpenBSD: acl.c,v 1.16 2018/04/26 12:48:10 schwarze Exp $ */
 /*
 * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
@@ -138,7 +138,6 @@ acl_init(char *file)
 int allow = TRUE, error_cnt = 0;
 struct in_addr addr, mask, *host_addr;
 struct hostent *host;
- struct netent *net;
 FILE *data_file = NULL;
 if (file != NULL)
@@ -262,15 +261,8 @@ acl_init(char *file)
 if (*k >= '0' && *k <= '9') {
 (void)inet_aton(k, &addr);
 state = state + ACLD_NET_DONE;
- } else {
- net = getnetbyname(k);
- if (net == NULL) {
- state = ACLE_NONET;
- } else {
- addr.s_addr = ntohl(net->n_net);
- state = state + ACLD_NET_DONE;
- }
- }
+ } else
+ state = ACLE_NONET;
 }
 }
@@ -338,15 +330,8 @@ acl_init(char *file)
 if (*k >= '0' && *k <= '9') {
 (void)inet_aton(k, &mask);
 state = state + ACLD_NET_EOL;
- } else {
- net = getnetbyname(k);
- if (net == NULL) {
- state = ACLE_NONET;
- } else {
- mask.s_addr = ntohl(net->n_net);
- state = state + ACLD_NET_EOL;
- }
- }
+ } else
+ state = ACLE_NONET;
 }
 }
@@ -424,7 +409,6 @@ acl_securenet(char *file)
 int line_no = 0, len, i, allow = TRUE, state;
 int error_cnt = 0;
 struct in_addr addr, mask;
- struct netent *net;
 FILE *data_file = NULL;
 if (file != NULL)
@@ -468,15 +452,8 @@ acl_securenet(char *file)
 if (*k >= '0' && *k <= '9') {
 (void)inet_aton(k, &mask);
 state = ACLS_ALLOW_NET;
- } else {
- net = getnetbyname(k);
- if (net == NULL) {
- state = ACLE_NONET;
- } else {
- mask.s_addr = ntohl(net->n_net);
- state = ACLS_ALLOW_NET;
- }
- }
+ } else
+ state = ACLE_NONET;
 k = p; /* save start of verb */
 i = 0;
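Review bot: The numeric branch, which after this change is the only accepted path, still discards the result of `inet_aton()`: `(void)inet_aton(k, &addr);` in the `acl_init` hunk at -262, the same call with `&mask` at -338, and both `acl_securenet` hunks at -468 and -497. A token that merely starts with a digit, such as a mistyped `10.0.0.x` (constructed example), therefore advances the state as if it had parsed, and `addr` or `mask` presumably keeps whatever it held before, so the resulting allow/deny rule could cover a network the administrator never wrote. Folding the call into the test, e.g. `if (*k >= '0' && *k <= '9' && inet_aton(k, &addr) == 1) {`, would let the new `else state = ACLE_NONET;` reject malformed numbers as well, assuming ACLE_NONET is an acceptable error for that case. Both functions begin and end outside these hunks, so how `addr` and `mask` are initialised is not visible here.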
@@ -497,15 +474,8 @@ acl_securenet(char *file)
 if (*k >= '0' && *k <= '9') {
 (void)inet_aton(k, &addr);
 state = ACLS_ALLOW_NET_EOL;
- } else {
- net = getnetbyname(k);
- if (net == NULL) {
- state = ACLE_NONET;
- } else {
- addr.s_addr = ntohl(net->n_net);
- state = ACLS_ALLOW_NET_EOL;
- }
- }
+ } else
+ state = ACLE_NONET;
 }
 if (state == ACLS_ALLOW_NET)
diff --git a/usr.sbin/ypserv/ypserv/ypserv.acl b/usr.sbin/ypserv/ypserv/ypserv.acl
index fc78be31fe9..94320bbd339 100644
--- a/usr.sbin/ypserv/ypserv/ypserv.acl
+++ b/usr.sbin/ypserv/ypserv/ypserv.acl
@@ -19,11 +19,11 @@ deny host jodie
 #############################################################################
 # This is the commands that will match a network
 #
-# allow net <netname|netnumber> [netmask <netname|netnumber>]
-# deny net <netname|netnumber> [netmask <netname|netnumber>]
+# allow net <netnumber> [netmask <netnumber>]
+# deny net <netnumber> [netmask <netnumber>]
 #
-# To process netname getnetbyname is called, and inet_aton is used for
-# netnumber. inet_aton both access numbers as 255.255.255.0 and 0xffffff00.
+# inet_aton is used for netnumber.
+# inet_aton both access numbers as 255.255.255.0 and 0xffffff00.
 #
 # If netmask isn't given the parser will assume netmask from the first bits
 # of the network number. So if the network is subneted the you have to add |