105215 – very long lines in /etc/host.deny cause clients be accepted

Bug 105215 - very long lines in /etc/host.deny cause clients be accepted

Summary: very long lines in /etc/host.deny cause clients be accepted

Status:	RESOLVED INVALID

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	Network (show other bugs)
Version:	Beta 1
Hardware:	Other All

Priority:	P5 - None Severity: Minor
Target Milestone:	---
Assignee:	Petr Ostadal
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-08-17 14:35 UTC by Michal Marek
Modified:	2005-08-23 00:26 UTC (History)
CC List:	0 users

See Also:
Found By:	Component Test
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
a long line with DENY, which in fact allows access (2.16 KB, text/plain) 2005-08-17 14:37 UTC, Michal Marek	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michal Marek 2005-08-17 14:35:43 UTC

If there is a _very_ long line (2048 bytes) in /etc/host.{allow,deny},
the library allows connections regardles of the line. Just a warning is
sent to syslog. A more reasonable behavior would be to deny connections
when the config file cannot be parsed.

Of course, the config file is created by the system administrator, so
it's his responsibility to test the configuration. And such a long line
will be rarely needed.

Comment 1 Michal Marek 2005-08-17 14:37:39 UTC

Created attachment 46325 [details]
a long line with DENY, which in fact allows access

An example

Comment 2 Petr Ostadal 2005-08-23 00:26:08 UTC

This behaviour is used on all platforms with tcp_wrapper a long time and change
it may confuse current administrators.

For checking config files, they have to use tcpdchk utility (man tcpdchk(8)).