From: Guy Harris
Date: Thu, 10 Jan 2019 05:51:50 +0000 (-0800)
Subject: Properly check the return status of sock_check_hostlist().
X-Git-Tag: libpcap-1.10-bp~635
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/0bc1785ff8b491195679629e949a738fa0a21ce6
Properly check the return status of sock_check_hostlist().
It's not a boolean with 0 meaning "host not authorized" and 1 meaning "host authorized"; it's negative if we shouldn't let them connect, with -1 meaning "not in the host list" and -2 meaning "an error occurred in the process of checking", and non-negative if we should let them connect, with 0 meaning "they're in the host list" and 1 meaning "the host list is empty, so we're letting everybody in".
---
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index 75d4ccca..b6e1de7c 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -149,7 +149,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 struct daemon_slpars pars; // service loop parameters
 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
 char errmsgbuf[PCAP_ERRBUF_SIZE + 1]; // buffer for errors to send to the client
- int host_port_ok;
+ int host_port_check_status;
 SSL *ssl = NULL;
 int nrecv;
 struct rpcap_header header; // RPCAP message general header
@@ -258,13 +258,13 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 //
 // Are they in the list of host/port combinations we allow?
 //
- host_port_ok = (sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE) == 0);
+ host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE);
 free(passiveClients);
 passiveClients = NULL;
- if (!host_port_ok)
+ if (host_port_check_status < 0)
 {
 //
- // Sorry, you're not on the guest list.
+ // Sorry, we can't let you in.
 //
 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
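Review bot: The `host_port_check_status < 0` branch handles -1 (peer not in the host list) and -2 (the check itself failed) identically, and in the visible lines the daemon records neither; only a failed send is logged. A refused connection is worth a log entry for whoever monitors the daemon, and -2 points at a problem with the allow-list check rather than with the peer, so I would add `rpcapd_log(LOGPRIO_ERROR, "Connection refused (host check status %d): %s", host_port_check_status, errmsgbuf);` before the `rpcap_senderror()` call, assuming `errmsgbuf` is filled in on both negative returns. The return-value contract also belongs in a comment at the check, e.g. `// < 0: refuse (-1 not in list, -2 error); >= 0: allow (0 in list, 1 list empty, everybody allowed)`, because the empty-list case that admits every peer is otherwise only described in the commit message. daemon_serviceloop() starts and ends outside this hunk, so such logging may already exist further down.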