Bugfixes for OS_IPFound, OS_IPFoundList, OS_IsValidIP.#920
Merged
ddpbsd merged 1 commit intoossec:masterfrom Aug 11, 2016
Merged
Bugfixes for OS_IPFound, OS_IPFoundList, OS_IsValidIP.#920ddpbsd merged 1 commit intoossec:masterfrom
ddpbsd merged 1 commit intoossec:masterfrom
Conversation
OS_IsValidIP violated it's `const` constraint when the ip_addr element was set to 'any'. This caused some unexplained behavior when subsequent calls. This is corrected. OS_IPFound and OS_IPFoundList where call sacmp(), but if OS_IsValidIP was called with "any", the sockaddr_store.ss_family would be AF_INET6. AFAICT, this meant any comparison of "any" to an IPv4 address would fail. This affected the ossec-remoted when validating IPv4 keys issued by authd which set 'any' as the IP address to verify. This would also cause failures *everywhere* in the rules, analysis, exec, and activeresponse code where the src/dst IP being compared to any was IPv4.
Member
Author
|
Testing this on my infrastructure to ensure it's the last bug in 2.9 that's breaking the OSSEC/authd stuff. |
atomicturtle
added a commit
to atomicturtle/ossec-hids
that referenced
this pull request
Aug 31, 2016
Signed-off-by: Scott R. Shinn <scott@atomicorp.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
OS_IsValidIP violated it's
constconstraint when the ip_addr elementwas set to 'any'. This caused some unexplained behavior when subsequent
calls. This is corrected.
OS_IPFound and OS_IPFoundList where call sacmp(), but if OS_IsValidIP
was called with "any", the sockaddr_store.ss_family would be AF_INET6.
AFAICT, this meant any comparison of "any" to an IPv4 address would
fail. This affected the ossec-remoted when validating IPv4 keys issued
by authd which set 'any' as the IP address to verify.
This would also cause failures everywhere in the rules, analysis,
exec, and activeresponse code where the src/dst IP being compared to any
was IPv4.