Package: tcpd
Version: 7.6.dbs-12
Followup-For: Bug #283561
I wrote a small and dirty patch to implement the suggested solution. I'm
kind of at a loss on how to test it though. Maybe someone else can check
if it doesn't break the thing entirely. Should be attached.
greets,
Wim
--- tcp_wrappers_7.6/socket.c 2007-02-15 21:31:44.000000000 +0100
+++ tcp_wrappers_7.6.new/socket.c 2007-02-15 21:39:56.000000000 +0100
@@ -273,10 +273,15 @@
host->name,
(sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6");
- } else if ((res0->ai_canonname == NULL
- || STR_NE(host->name, res0->ai_canonname))
+ } else {
+ res = res0;
+ while ((res->ai_canonname == NULL
+ || STR_NE(host->name, res->ai_canonname))
&& STR_NE(host->name, "localhost")) {
+ res = res->ai_next;
+ }
+ if (res == NULL) {
/*
* The gethostbyaddr() and gethostbyname() calls did not return
* the same hostname. This could be a nameserver configuration
@@ -286,8 +291,7 @@
tcpd_warn("host name/name mismatch: %s != %.*s",
host->name, STRING_LENGTH,
(res0->ai_canonname == NULL) ? "" : res0->ai_canonname);
-
- } else {
+ } else {
/*
* The address should be a member of the address list returned by
@@ -331,6 +335,7 @@
tcpd_warn("host name/address mismatch: %s != %.*s",
hname, STRING_LENGTH,
(res0->ai_canonname == NULL) ? "" : res0->ai_canonname);
+ }
}
strcpy(host->name, paranoid); /* name is bad, clobber it */
if (res0)
