From nobody@FreeBSD.ORG  Mon Jun 19 17:10:15 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 4F1C437B95F; Mon, 19 Jun 2000 17:10:15 -0700 (PDT)
Message-Id: <20000620001015.4F1C437B95F@hub.freebsd.org>
Date: Mon, 19 Jun 2000 17:10:15 -0700 (PDT)
From: isv@false.vmts.ru
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: non connect virtual hosting support in ftpd daemon
X-Send-Pr-Version: www-1.0

>Number:         19390
>Category:       bin
>Synopsis:       non connect virtual hosting support in ftpd daemon
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    davidn
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 19 17:20:00 PDT 2000
>Closed-Date:    Mon Jun 26 15:36:50 EST 2000
>Last-Modified:  Mon Jun 26 15:38:50 EST 2000
>Originator:     Sergey Ivanov
>Release:        Release 4.0
>Organization:
VMTS
>Environment:
4.0-RELEASE FreeBSD 4.0-RELEASE #0: Fri Jun 16 11:05:56 VLAST 2000 
>Description:
The FreeBSD ftp daemon has bugs in the "selecthost" function
that cause incorrect virtual hosting support.
I have detected this in FreeBSD release 4.0.

 selecthost(su)
        union sockunion *su;                                                     
 {                                                                               
...
       while (hrp != NULL) {
                for (hi = hrp->hostinfo; hi != NULL; hi = hi->ai_next)
              {                                                                  
               if (memcmp(su, hi->ai_addr, hi->ai_addrlen) == 0) {
>How-To-Repeat:
Add any virtual host to /etc/ftphosts with the necessary rules, as described in
man ftpd, and try to log in to this host as the anonymous user. You will be surprised, because we will enter the base host ;)

>Fix:
--- ftpd.orig   Fri Jun 16 21:04:33 2000
+++ ftpd.c      Fri Jun 16 21:04:27 2000
@@ -772,6 +772,7 @@
 selecthost(su) 
        union sockunion *su;
 {
+        int find=0;
        struct ftphost  *hrp; 
        u_int16_t port;
 #ifdef INET6
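Review bot: the flag declared at "int find=0;" would read better as "int found = 0;", since it records a result rather than an action, and spaces around "=" would match the assignment style used further down in the function (su->su_port = 0). A one-line comment saying the flag exists to terminate the outer while loop would help, because that purpose is not visible at the declaration.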
@@ -792,11 +793,12 @@
        hrp = thishost = firsthost;     /* default */ 
        port = su->su_port;
        su->su_port = 0;
-       while (hrp != NULL) {
+       while (hrp != NULL && !find) {
                for (hi = hrp->hostinfo; hi != NULL; hi = hi->ai_next)
              {
-               if (memcmp(su, hi->ai_addr, hi->ai_addrlen) == 0) {
+               if (memcmp(&su->su_sin, hi->ai_addr, hi->ai_addrlen) == 0) {
                        thishost = hrp;
+                       find=1;
                        break;
                }
 #ifdef INET6
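Review bot: in the changed memcmp() call, &su->su_sin and su designate the same address if su_sin is a direct member of union sockunion (every member of a C union starts at offset 0), so this substitution compares the same ai_addrlen bytes as before and cannot by itself change which host matches; please drop it or explain what it is meant to fix. The part of this hunk that does change behaviour is "while (hrp != NULL && !find)": as far as these lines show, a later matching entry used to overwrite thishost and now the first match wins, and that change in precedence should be stated explicitly.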
@@ -806,6 +808,7 @@ 
                            &((struct sockaddr_in *)hi->ai_addr)->sin_addr,
                            sizeof(struct in_addr)) == 0)) {
                        thishost = hrp; 
+                       find=1;
                        break;
                }
 #endif 
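Review bot: the "find=1;" added before "break;" in the INET6 branch repeats the assignment from the first branch, so any match branch added later has to remember to set the flag as well. A single exit path would be less fragile, for example moving the comparison into a helper that returns on match, or jumping to a label placed after the while loop. It is also worth a comment that this branch compares only sin_addr over sizeof(struct in_addr), while the first branch compares ai_addrlen bytes of the whole sockaddr, so the two tests are not equally strict.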



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->freebsd-bugs 
Responsible-Changed-By: knu 
Responsible-Changed-When: Thu Jun 22 20:09:11 JST 2000 
Responsible-Changed-Why:  
Misfiled PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19390 
Responsible-Changed-From-To: freebsd-bugs->davidn 
Responsible-Changed-By: davidn 
Responsible-Changed-When: Fri Jun 23 15:35:47 EST 2000 
Responsible-Changed-Why:  
I first implemented this, so my bug 

State-Changed-From-To: open->feedback 
State-Changed-By: davidn 
State-Changed-When: Fri Jun 23 15:49:40 EST 2000 
State-Changed-Why:  
Originator asked to produce an example of this failing. 
Patch supplied does not appear to be applicable. 

State-Changed-From-To: feedback->closed 
State-Changed-By: davidn 
State-Changed-When: Mon Jun 26 15:36:50 EST 2000 
State-Changed-Why:  
Fixed by: 
/home/ncvs/src/libexec/ftpd/ftpd.c,v  <--  ftpd.c 
new revision: 1.64; previous revision: 1.63 
done 

This fix is different from the diff supplied with the PR. It fixes 
the real problem, which was in parsing /etc/ftphosts and folding lines. 


>Unformatted:
 >>The su union does not have a format compatible with the sockaddr struct.
 >>Therefore we do not find the necessary host.
                         thishost = hrp;
                         break;
 >> When we break, we break the "FOR" cycle, not the "while".
 >> Actually, even if we find the necessary hrp structure, we do not break
 >> the main "WHILE" cycle ;)
 
                 }
  #ifdef INET6                                                                    
                             &((struct sockaddr_in *)hi->ai_addr)->sin_addr,
                             sizeof(struct in_addr)) == 0)) {                     
                         thishost = hrp;                                          
                         break;
 >> Same problem as described above.
 
                 }                                                                
  #endif   
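
The loop behaviour argued over in this PR, modelled as an added example (not code from the report or from FreeBSD's ftpd); demo_sockunion, demo_host and the 192.0.2.x addresses are constructed stand-ins. It checks that both memcmp forms in the patch read the same bytes, and shows that stopping the outer loop changes the selected host only when two entries share an address.

```c
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical stand-ins for ftpd's types, not the FreeBSD definitions. */
union demo_sockunion { struct sockaddr_in su_sin; struct sockaddr_in6 su_sin6; };
struct demo_host {
    const char *name;
    struct sockaddr_in addr[2];     /* inner list, like hostinfo/ai_next */
    int naddr; struct demo_host *next;
};
static struct sockaddr_in mkaddr(const char *ip) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));     /* port 0 and zeroed sin_zero: memcmp is exact */
    sa.sin_family = AF_INET;
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}
/* Returns 1 if memcmp(su, ...) and memcmp(&su->su_sin, ...) read the same bytes. */
int union_forms_agree(const union demo_sockunion *su, const struct sockaddr_in *sa) {
    return (const void *)su == (const void *)&su->su_sin &&
           memcmp(su, sa, sizeof(*sa)) == memcmp(&su->su_sin, sa, sizeof(*sa));
}
/* stop_outer = 0: loop shape quoted in the PR; 1: same loop with a found flag. */
const char *select_host(struct demo_host *first, const union demo_sockunion *su, int stop_outer) {
    struct demo_host *h = first, *chosen = first;   /* default host */
    int found = 0, i;
    while (h != NULL && !(stop_outer && found)) {
        for (i = 0; i < h->naddr; i++) {
            if (memcmp(su, &h->addr[i], sizeof(h->addr[i])) == 0) {
                chosen = h;
                found = 1;
                break;              /* leaves the for loop only */
            }
        }
        h = h->next;
    }
    return chosen->name;
}
/* Constructed data: "dup" repeats one of vhost's addresses on purpose. */
const char *demo(const char *client_ip, int stop_outer) {
    struct demo_host dup   = { "dup",   { mkaddr("192.0.2.20") }, 1, NULL };
    struct demo_host vhost = { "vhost", { mkaddr("192.0.2.10"), mkaddr("192.0.2.20") }, 2, &dup };
    struct demo_host base  = { "base",  { mkaddr("192.0.2.1") }, 1, &vhost };
    union demo_sockunion su = { mkaddr(client_ip) };
    return union_forms_agree(&su, &vhost.addr[0]) ? select_host(&base, &su, stop_outer) : "mismatch";
}
int main(void) { return strcmp(demo("192.0.2.20", 1), "vhost") != 0; }
```

With unique addresses both loop shapes select the same host in this model, which is consistent with the audit trail's statement that the actual defect was in parsing /etc/ftphosts.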
 
