summaryrefslogtreecommitdiffstats
path: root/utils/statd/monitor.c
diff options
context:
space:
mode:
Diffstat (limited to 'utils/statd/monitor.c')
-rw-r--r--utils/statd/monitor.c29
1 files changed, 18 insertions, 11 deletions
diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c
index 51075b5..5bedb3e 100644
--- a/utils/statd/monitor.c
+++ b/utils/statd/monitor.c
@@ -21,6 +21,7 @@
#include <arpa/inet.h>
#include <dirent.h>
+#include "sockaddr.h"
#include "rpcmisc.h"
#include "nsm.h"
#include "statd.h"
@@ -32,20 +33,26 @@ notify_list * rtnl = NULL; /* Run-time notify list. */
/*
* Reject requests from non-loopback addresses in order
* to prevent attack described in CERT CA-99.05.
+ *
+ * Although the kernel contacts the statd service via only IPv4
+ * transports, the statd service can receive other requests, such
+ * as SM_NOTIFY, from remote peers via IPv6.
*/
-static int
+static _Bool
caller_is_localhost(struct svc_req *rqstp)
{
- struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
- struct in_addr caller;
-
- caller = sin->sin_addr;
- if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
- xlog_warn("Call to statd from non-local host %s",
- inet_ntoa(caller));
- return 0;
- }
- return 1;
+ struct sockaddr *sap = nfs_getrpccaller(rqstp->rq_xprt);
+ char buf[INET6_ADDRSTRLEN];
+
+ if (!nfs_is_v4_loopback(sap))
+ goto out_nonlocal;
+ return true;
+
+out_nonlocal:
+ if (!statd_present_address(sap, buf, sizeof(buf)))
+ buf[0] = '\0';
+ xlog_warn("SM_MON/SM_UNMON call from non-local host %s", buf);
+ return false;
}
/*