secnet 0.2.1 - authbind fix

Sun Dec 11 14:11:37 GMT 2011

I wrote:
> We are pleased to announce the release of secnet 0.2.0.

secnet 0.2.0 contains a bug which makes it not work with authbind.
(This same bug is in 0.1.16 to 0.1.18.1 inclusive.)

This is fixed in secnet 0.2.1.  A copy of the relevant patch is below,
in case you need to apply it to 0.1.18.1; we do not currently plan to
make a new 0.1.18.x release especially for this fix.

Sources and .deb binaries (built on Debian lenny) can be found here:
 http://www.chiark.greenend.org.uk/~ianmdlvl/secnet/download/

The git repository is here:
 http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/

chiark's secnet has already (really, this time) been upgraded to 0.2.1.

Ian.


commit 51b259535294bb46757a040596ab052e53f29483
Author: Ian Jackson <ijackson at chiark.greenend.org.uk>
Date:   Sun Dec 11 12:40:37 2011 +0000

    authbind: get endianness right (again)
    
    It appears that:
    
     * authbind's documentation authbind-helper(8) describes the
       endianness convention of authbind's helper program incorrectly.
       See Debian #651694.
    
     * The version of secnet 0.1.16 tagged as such in revision control
       contains a "fix" which was based on the authbind documentation but
       not apparently tested against authbind.  Ie, this part from NEWS:
        4) Change the endianess of the arguments to authbind-helper.
           sprintf("%04X") already translates from machine repesentation to most
           significant octet first so htons reversed it again.
    
     * The version of secnet 0.1.16 actually in service on chiark had an
       out-of-version-control change to udp.c to make it work with
       chiark's authbind 1.2.0.  The actual code found has been recorded
       on the dead branch "chiark-0.1.16" in the master git repo, but the
       version of udp.c is exactly that from 0.1.15 so it looks like we
       just reverted to the previous udp.c during deployment of 0.1.16.
    
     * We (re)discovered all this after the release of secnet 0.2.0
       because my attempt to deploy 0.2.0 on chiark was not actually
       effective.
    
    Therefore, undo the authbind endianness change introduced in secnet
    0.1.16.  This is most easily achieved by constructing the arguments to
    the helper from the sockaddr rather than the contents of "st".
    
    Thanks are due to Simon Tatham for the bug report.
    
    Signed-off-by: Ian Jackson <ijackson at chiark.greenend.org.uk>

diff --git a/udp.c b/udp.c
index f420664..bbf8c64 100644
--- a/udp.c
+++ b/udp.c
@@ -241,8 +241,8 @@ static void udp_phase_hook(void *sst, uint32_t new_phase)
 	}
 	if (c==0) {
 	    char *argv[4], addrstr[9], portstr[5];
-	    sprintf(addrstr,"%08lX",(long)st->addr);
-	    sprintf(portstr,"%04X",st->port);
+	    sprintf(addrstr,"%08lX",(long)addr.sin_addr.s_addr);
+	    sprintf(portstr,"%04X",addr.sin_port);
 	    argv[0]=st->authbind;
 	    argv[1]=addrstr;
 	    argv[2]=portstr;

