diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-12-08 12:26:36 +0100 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-12-08 12:26:36 +0100 |
commit | b0317d31d98b17cd8b9b5d29f438191ac045cd33 (patch) | |
tree | 1e05eb1ab44b2cae8e48e3fb4365aaed65396355 /plugins/imgssapi/imgssapi.c | |
parent | 7cbbba198913ff3403116d2364d8765cfdd7f162 (diff) | |
download | rsyslog-b0317d31d98b17cd8b9b5d29f438191ac045cd33.tar.gz rsyslog-b0317d31d98b17cd8b9b5d29f438191ac045cd33.tar.xz rsyslog-b0317d31d98b17cd8b9b5d29f438191ac045cd33.zip |
backport of $AllowedSender security fixv3.18.6
- security bugfix: $AllowedSender was not honored, all senders were
permitted instead (see http://www.rsyslog.com/Article322.phtml)
(backport from v3-stable, v3.20.9)
- minor bugfix: dual close() call on tcp session closure
Diffstat (limited to 'plugins/imgssapi/imgssapi.c')
-rw-r--r-- | plugins/imgssapi/imgssapi.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/plugins/imgssapi/imgssapi.c b/plugins/imgssapi/imgssapi.c index 74d5d5c5..f2b00d9d 100644 --- a/plugins/imgssapi/imgssapi.c +++ b/plugins/imgssapi/imgssapi.c @@ -172,10 +172,10 @@ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void *pUsrSrv, void*p pGSess = (gss_sess_t*) pUsrSess; if((pGSrv->allowedMethods & ALLOWEDMETHOD_TCP) && - net.isAllowedSender(net.pAllowedSenders_TCP, addr, (char*)fromHostFQDN)) + net.isAllowedSender((uchar*)"TCP", addr, (char*)fromHostFQDN)) allowedMethods |= ALLOWEDMETHOD_TCP; if((pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) && - net.isAllowedSender(net.pAllowedSenders_GSS, addr, (char*)fromHostFQDN)) + net.isAllowedSender((uchar*)"GSS", addr, (char*)fromHostFQDN)) allowedMethods |= ALLOWEDMETHOD_GSS; if(allowedMethods && pGSess != NULL) pGSess->allowedMethods = allowedMethods; @@ -645,14 +645,8 @@ ENDmodExit BEGINafterRun CODESTARTafterRun /* do cleanup here */ - if (net.pAllowedSenders_TCP != NULL) { - net.clearAllowedSenders (net.pAllowedSenders_TCP); - net.pAllowedSenders_TCP = NULL; - } - if (net.pAllowedSenders_GSS != NULL) { - net.clearAllowedSenders (net.pAllowedSenders_GSS); - net.pAllowedSenders_GSS = NULL; - } + net.clearAllowedSenders((uchar*)"TCP"); + net.clearAllowedSenders((uchar*)"GSS"); ENDafterRun |