[RFC][PATCH] relax insecure option on mountd (ver 2)

[RFC][PATCH] relax insecure option on mountd (ver 2)

[Robert Gordon]

In nfs-utils 1.2.0, I noticed that the insecure option validates that  
the client port is a
subset of IPPORT_RESERVED as opposed to just validating it is a valid
reserved port. The following proposed patch would correct that issue.

Signed-off-by: Robert Gordon <rbg-dkEPNP4dzOJBDgjK7y7TUQ@public.gmane.org>

--- ./utils/mountd/auth.c.orig
+++ ./utils/mountd/auth.c
@@ -169,8 +169,7 @@ auth_authenticate_internal(char *what, s
  		}
  	}
  	if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
-		    (ntohs(caller->sin_port) <  IPPORT_RESERVED/2 ||
-		     ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+		     ntohs(caller->sin_port) >= IPPORT_RESERVED) {
  		*error = illegal_port;
  		return NULL;
  	}

Re: [RFC][PATCH] relax insecure option on mountd (ver 2)

[Steve Dickson]

On 10/26/2009 05:40 PM, Robert Gordon wrote:
> In nfs-utils 1.2.0, I noticed that the insecure option validates that
> the client port is a
> subset of IPPORT_RESERVED as opposed to just validating it is a valid
> reserved port. The following proposed patch would correct that issue.
> 
> Signed-off-by: Robert Gordon <rbg-dkEPNP4dzOJBDgjK7y7TUQ@public.gmane.org>
> 
> --- ./utils/mountd/auth.c.orig
> +++ ./utils/mountd/auth.c
> @@ -169,8 +169,7 @@ auth_authenticate_internal(char *what, s
>          }
>      }
>      if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
> -            (ntohs(caller->sin_port) <  IPPORT_RESERVED/2 ||
> -             ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
> +             ntohs(caller->sin_port) >= IPPORT_RESERVED) {
>          *error = illegal_port;
>          return NULL;
>      }
> 
Committed...

steved.