public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed
* [RFC][PATCH] relax insecure option on mountd (ver 2)
@ 2009-10-26 21:40 Robert Gordon
       [not found] ` <DE1C4ECC-6D4A-4EA6-A4FB-BE76E31C4A40-dkEPNP4dzOJBDgjK7y7TUQ@public.gmane.org>
  0 siblings, 1 reply; 2+ messages in thread
From: Robert Gordon @ 2009-10-26 21:40 UTC (permalink / raw)
  To: linux-nfs

In nfs-utils 1.2.0, I noticed that the insecure option validates that  
the client port is a
subset of IPPORT_RESERVED as opposed to just validating it is a valid
reserved port. The following proposed patch would correct that issue.

Signed-off-by: Robert Gordon <rbg-dkEPNP4dzOJBDgjK7y7TUQ@public.gmane.org>

--- ./utils/mountd/auth.c.orig
+++ ./utils/mountd/auth.c
@@ -169,8 +169,7 @@ auth_authenticate_internal(char *what, s
  		}
  	}
  	if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
-		    (ntohs(caller->sin_port) <  IPPORT_RESERVED/2 ||
-		     ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+		     ntohs(caller->sin_port) >= IPPORT_RESERVED) {
  		*error = illegal_port;
  		return NULL;
  	}


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-11-16 18:26 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-26 21:40 [RFC][PATCH] relax insecure option on mountd (ver 2) Robert Gordon
     [not found] ` <DE1C4ECC-6D4A-4EA6-A4FB-BE76E31C4A40-dkEPNP4dzOJBDgjK7y7TUQ@public.gmane.org>
2009-11-16 18:26   ` Steve Dickson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox