tcp_wrappers/tcp_wrappers-7.6-sig.patch

--- tcp_wrappers_7.6/hosts_access.c.sig	2003-02-10 16:18:31.000000000 +0100
+++ tcp_wrappers_7.6/hosts_access.c	2003-02-10 16:50:38.000000000 +0100
@@ -66,6 +66,7 @@
 
 #define	YES		1
 #define	NO		0
+#define ERR             -1
 
  /*
   * These variables are globally visible so that they can be redirected in
@@ -106,7 +107,6 @@
 struct request_info *request;
 {
     int     verdict;
-
     /*
      * If the (daemon, client) pair is matched by an entry in the file
      * /etc/hosts.allow, access is granted. Otherwise, if the (daemon,
@@ -129,9 +129,9 @@
 	return (verdict == AC_PERMIT);
     if (table_match(hosts_allow_table, request))
 	return (YES);
-    if (table_match(hosts_deny_table, request))
-	return (NO);
-    return (YES);
+    if (table_match(hosts_deny_table, request) == NO)
+	return (YES);
+    return (NO);
 }
 
 /* table_match - match table entries with (daemon, client) pair */
@@ -175,6 +175,7 @@
 	(void) fclose(fp);
     } else if (errno != ENOENT) {
 	tcpd_warn("cannot open %s: %m", table);
+	match = ERR;
     }
     if (match) {
 	if (hosts_access_verbose > 1)
auto-import changelog data from tcp_wrappers-7.6-34.src.rpm Sun Feb 16 2003 Florian La Roche <Florian.LaRoche@redhat.de> - use strerror #84312 Tue Feb 11 2003 Harald Hoyer <harald@redhat.de> 7.6-33 - revert Nalins weak version - link libwrap.so against libnsl, on which it depends Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 7.6-32 - link libwrap.so against libnsl, on which it depends - add default (weak) versions of allow_severity and deny_severity to the shared library so that configure tests can find it correctly Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29 - shared library generated and added #75494 - added security patch tcp_wrappers-7.6-sig.patch - compile and link with -fPIC -DPIC Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt Tue Jan 07 2003 Jeff Johnson <jbj@redhat.com> 7.6-25 - don't include -debuginfo files in package. Tue Nov 19 2002 Tim Powers <timp@redhat.com> - rebuild on all arches 2004-09-09 13:07:52 +00:00			`--- tcp_wrappers_7.6/hosts_access.c.sig 2003-02-10 16:18:31.000000000 +0100`
			`+++ tcp_wrappers_7.6/hosts_access.c 2003-02-10 16:50:38.000000000 +0100`
			`@@ -66,6 +66,7 @@`

			`#define YES 1`
			`#define NO 0`
			`+#define ERR -1`

			`/*`
			`* These variables are globally visible so that they can be redirected in`
			`@@ -106,7 +107,6 @@`
			`struct request_info *request;`
			`{`
			`int verdict;`
			`-`
			`/*`
			`* If the (daemon, client) pair is matched by an entry in the file`
			`* /etc/hosts.allow, access is granted. Otherwise, if the (daemon,`
			`@@ -129,9 +129,9 @@`
			`return (verdict == AC_PERMIT);`
			`if (table_match(hosts_allow_table, request))`
			`return (YES);`
			`- if (table_match(hosts_deny_table, request))`
			`- return (NO);`
			`- return (YES);`
			`+ if (table_match(hosts_deny_table, request) == NO)`
			`+ return (YES);`
			`+ return (NO);`
			`}`

			`/* table_match - match table entries with (daemon, client) pair */`
			`@@ -175,6 +175,7 @@`
			`(void) fclose(fp);`
			`} else if (errno != ENOENT) {`
			`tcpd_warn("cannot open %s: %m", table);`
			`+ match = ERR;`
			`}`
			`if (match) {`
			`if (hosts_access_verbose > 1)`