aboutsummaryrefslogtreecommitdiffstats
path: root/erts
diff options
context:
space:
mode:
authorMichael Santos <[email protected]>2010-11-24 19:38:04 -0500
committerBjörn Gustavsson <[email protected]>2010-11-26 15:37:13 +0100
commit5b68030b9d57a839ad798415f30936660ca83904 (patch)
tree5f095cbe92a537a03500aa8b6765b1101ed1685f /erts
parentdf277325374eb49198e907fd19854058c211bf3d (diff)
downloadotp-5b68030b9d57a839ad798415f30936660ca83904.tar.gz
otp-5b68030b9d57a839ad798415f30936660ca83904.tar.bz2
otp-5b68030b9d57a839ad798415f30936660ca83904.zip
epmd: include host address in local access check
In FreeBSD jails, the source and destination address of connections to localhost are changed to be the IP address of the jail. Consider connections from the host's IP address to itself (e.g., the source and destination address match) to be local for the access control checks. Reported-By: [email protected]
Diffstat (limited to 'erts')
-rw-r--r--erts/epmd/src/epmd_srv.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/erts/epmd/src/epmd_srv.c b/erts/epmd/src/epmd_srv.c
index ef471a473a..ace736b836 100644
--- a/erts/epmd/src/epmd_srv.c
+++ b/erts/epmd/src/epmd_srv.c
@@ -736,6 +736,7 @@ static int conn_open(EpmdVars *g,int fd)
for (i = 0; i < g->max_conn; i++) {
if (g->conn[i].open == EPMD_FALSE) {
struct sockaddr_in si;
+ struct sockaddr_in di;
#ifdef HAVE_SOCKLEN_T
socklen_t st;
#else
@@ -756,12 +757,16 @@ static int conn_open(EpmdVars *g,int fd)
/* Determine if connection is from localhost */
if (getpeername(s->fd,(struct sockaddr*) &si,&st) ||
st < sizeof(si)) {
- /* Failure to get peername is regarder as non local host */
+ /* Failure to get peername is regarded as non local host */
s->local_peer = EPMD_FALSE;
} else {
+ /* Only 127.x.x.x and connections from the host's IP address
+ allowed, no false positives */
s->local_peer =
- ((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) ==
- 0x7F000000U); /* Only 127.x.x.x allowed, no false positives */
+ (((((unsigned) ntohl(si.sin_addr.s_addr)) & 0xFF000000U) ==
+ 0x7F000000U) ||
+ (getsockname(s->fd,(struct sockaddr*) &di,&st) ?
+ EPMD_FALSE : si.sin_addr.s_addr == di.sin_addr.s_addr));
}
dbg_tty_printf(g,2,(s->local_peer) ? "Local peer connected" :
"Non-local peer connected");