diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-11-29 07:22:48 +0100 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-11-29 07:22:48 +0100 |
| commit | f0ddbed44c332391ae6d9bbf6b07e2f06c4dd676 (patch) | |
| tree | b6d2ba495ba6e6843ac1cd6be6f858783d2019d8 /plugins/imgssapi | |
| parent | ae5902a24483102840ad6c3d6ee3cb5d6e8df791 (diff) | |
| download | rsyslog-f0ddbed44c332391ae6d9bbf6b07e2f06c4dd676.tar.gz rsyslog-f0ddbed44c332391ae6d9bbf6b07e2f06c4dd676.tar.xz rsyslog-f0ddbed44c332391ae6d9bbf6b07e2f06c4dd676.zip | |
security bugfix: $AllowedSender was not honored,
...all senders were permitted instead
Diffstat (limited to 'plugins/imgssapi')
| -rw-r--r-- | plugins/imgssapi/imgssapi.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/plugins/imgssapi/imgssapi.c b/plugins/imgssapi/imgssapi.c index 766cb519..d00c51d6 100644 --- a/plugins/imgssapi/imgssapi.c +++ b/plugins/imgssapi/imgssapi.c @@ -174,10 +174,10 @@ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void *pUsrSrv, void*p pGSess = (gss_sess_t*) pUsrSess; if((pGSrv->allowedMethods & ALLOWEDMETHOD_TCP) && - net.isAllowedSender(net.pAllowedSenders_TCP, addr, (char*)fromHostFQDN)) + net.isAllowedSender((uchar*)"TCP", addr, (char*)fromHostFQDN)) allowedMethods |= ALLOWEDMETHOD_TCP; if((pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) && - net.isAllowedSender(net.pAllowedSenders_GSS, addr, (char*)fromHostFQDN)) + net.isAllowedSender((uchar*)"GSS", addr, (char*)fromHostFQDN)) allowedMethods |= ALLOWEDMETHOD_GSS; if(allowedMethods && pGSess != NULL) pGSess->allowedMethods = allowedMethods; @@ -656,14 +656,8 @@ ENDmodExit BEGINafterRun CODESTARTafterRun /* do cleanup here */ - if (net.pAllowedSenders_TCP != NULL) { - net.clearAllowedSenders (net.pAllowedSenders_TCP); - net.pAllowedSenders_TCP = NULL; - } - if (net.pAllowedSenders_GSS != NULL) { - net.clearAllowedSenders (net.pAllowedSenders_GSS); - net.pAllowedSenders_GSS = NULL; - } + net.clearAllowedSenders((uchar*)"TCP"); + net.clearAllowedSenders((uchar*)"GSS"); ENDafterRun |