From nobody@FreeBSD.ORG Mon Aug 30 10:31:13 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id DF0D914DC2; Mon, 30 Aug 1999 10:31:13 -0700 (PDT)
Message-Id: <19990830173113.DF0D914DC2@hub.freebsd.org>
Date: Mon, 30 Aug 1999 10:31:13 -0700 (PDT)
From: rdemeyer@os.dhhs.gov
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: Maximum Number of IPs Permitted in the .../etc/hosts.allow file
X-Send-Pr-Version: www-1.0

>Number:         13474
>Category:       misc
>Synopsis:       Maximum Number of IPs Permitted in the .../etc/hosts.allow file
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 30 10:40:00 PDT 1999
>Closed-Date:    Thu May 31 18:28:26 PDT 2001
>Last-Modified:  Sat Jun  2 18:10:00 PDT 2001
>Originator:     Russell A. DeMeyere
>Release:        FreeBSD 3.2
>Organization:
Department of Health and Human Services
>Environment:
FreeBSD cedar.hhs.gov 3.2-RELEASE FreeBSD 3.2 RELEASE #1: Wed Jun 9 12:55:56 EDT 1999   root@cedar.hhs.gov:/usr/src/sys/compile/CEDAR i386
>Description:
We find that when we exceed 52 registered IPs in the /etc/hosts.allow file, the o/s refuses to allow any user to log onto the system.
We have been unable to find any documentation referring to this limitation.  Attempts by our UNIX system administrators to develop "work-arounds" by fiddling with the source code and recompiling lead to more problems.

 
>How-To-Repeat:
Have 52 IP numbers in /etc/hosts.allow and everything works fine.
Have 53 (or more) IP numbers in /etc/hosts.allow and no one can log onto the server.
>Fix:


>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: rdemeyer@os.dhhs.gov
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/13474: Maximum Number of IPs Permitted in the .../etc/hosts.allow file 
Date: Tue, 31 Aug 1999 09:34:11 +0200

 On Mon, 30 Aug 1999 10:31:13 MST, rdemeyer@os.dhhs.gov wrote:
 
 > >How-To-Repeat:
 > Have 52 IP numbers in /etc/hosts.allow and everything works fine.
 > Have 53 (or more) IP numbers in /etc/hosts.allow and no one can log onto
 > the server.
 
 If you send me a sample hosts.allow which does not work for you, that'll
 help.
 
 I assume you know that, for /etc/hosts.allow to be used, you need the
 program linked against /usr/lib/libwrap.so.2 or it needs to be launched
 from inetd _without_ using tcpd.
 
 Ciao,
 Sheldon.
 
State-Changed-From-To: open->feedback 
State-Changed-By: dirk 
State-Changed-When: Wed Nov 8 13:19:00 PST 2000 
State-Changed-Why:  
Russell, please check if this problem still exists (with 4.1.1-RELEASE 
or higher) and send your hosts.allow if so. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=13474 
State-Changed-From-To: feedback->open 
State-Changed-By: dirk 
State-Changed-When: Wed Nov 8 15:20:36 PST 2000 
State-Changed-Why:  
mail to originator bounces. 8-| 

State-Changed-From-To: open->feedback 
State-Changed-By: dd 
State-Changed-When: Thu May 31 18:24:15 PDT 2001 
State-Changed-Why:  
I can't reproduce this here; as others have said, the failing 
hosts.allow file would help. 


State-Changed-From-To: feedback->closed 
State-Changed-By: dd 
State-Changed-When: Thu May 31 18:28:26 PDT 2001 
State-Changed-Why:  
Can't reproduce, and mail bounces. 


From: Doug Barton <DougB@DougBarton.net>
To: freebsd-gnats-submit@FreeBSD.org, rdemeyer@os.dhhs.gov
Cc:  
Subject: Re: misc/13474: Maximum Number of IPs Permitted in the 
 .../etc/hosts.allow file
Date: Sat, 02 Jun 2001 18:09:40 -0700

 It's probably hitting a buffer limit somewhere. There are several in the
 code that could be affecting your situation. You can easily avoid the
 problem by defining multiple lines for your services. 
 
 sshd : host1 host2 host3 ... : allow
 sshd : host53 host54 host55 ... : allow
 
 etc.
 
 HTH,
 
 Doug
>Unformatted:
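The multi-line workaround suggested in the last reply, as an added example that is not part of the PR thread or of the tcp_wrappers code: a Python rewriter that splits any rule whose client list exceeds a cap into consecutive rules with the same daemon list and options. The cap of 50, the function names and the sample addresses (documentation ranges) are assumptions; rules containing EXCEPT or bracketed IPv6 literals are passed through untouched because cutting their lists would change or misparse them.

```python
import re

MAX_HOSTS = 50  # assumed cap, kept under the 52 entries the report says still worked


def join_continuations(text):
    """Merge backslash-newline continuations into logical lines."""
    return re.sub(r"\\\n", "", text).splitlines()


def split_rule(line, max_hosts=MAX_HOSTS):
    """Return the rule as one or more lines with at most max_hosts clients each."""
    stripped = line.strip()
    # Pass through comments, blanks, and rules that cannot be cut safely:
    # EXCEPT binds to the whole list, and '[' marks IPv6 literals with colons.
    if (not stripped or stripped.startswith("#")
            or "EXCEPT" in stripped.split() or "[" in stripped):
        return [line]
    # Fields are separated by ':'; a backslash-escaped '\:' stays inside its field.
    fields = [f.strip() for f in re.split(r"(?<!\\):", stripped)]
    if len(fields) < 2:
        return [line]
    daemons, options = fields[0], fields[2:]
    clients = fields[1].replace(",", " ").split()  # blanks and/or commas separate items
    if len(clients) <= max_hosts:
        return [line]
    tail = "".join(" : " + opt for opt in options)
    return [f"{daemons} : {' '.join(clients[i:i + max_hosts])}{tail}"
            for i in range(0, len(clients), max_hosts)]


def rewrap(text, max_hosts=MAX_HOSTS):
    """Rewrite a whole hosts.allow, preserving rule order (first match still wins)."""
    out = []
    for line in join_continuations(text):
        out.extend(split_rule(line, max_hosts))
    return "\n".join(out) + "\n"


# Constructed sample: one 53-host rule like the failing case described in the report.
SAMPLE = ("# constructed sample\n"
          "sshd : " + " ".join(f"192.0.2.{n}" for n in range(1, 54)) + " : allow\n"
          "ftpd : 198.51.100.7 EXCEPT 198.51.100.9 : allow\n"
          "ALL : ALL : deny\n")

if __name__ == "__main__":
    print(rewrap(SAMPLE), end="")
```

Because the split rules stay adjacent and carry the same options, the first-match evaluation order relative to the other rules in the file is unchanged.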
