Commit 79344b97 authored by Mark Andrews's avatar Mark Andrews
Browse files

2996. [security] Temporarily disable SO_ACCEPTFILTER support.

                        [RT #22589]
parent 179e028b
2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]
2995. [bug] The Kerberos realm was not being correctly extracted
from the signer's identity. [RT #22770]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: socket.c,v 1.332 2010/12/03 22:05:19 each Exp $ */
/* $Id: socket.c,v 1.333 2010/12/22 03:08:36 marka Exp $ */
/*! \file */
......@@ -4995,10 +4995,17 @@ isc__socket_bind(isc_socket_t *sock0, isc_sockaddr_t *sockaddr,
return (ISC_R_SUCCESS);
}
/*
* Enable this only for specific OS versions, and only when they have repaired
* their problems with it. Until then, this is is broken and needs to be
* diabled by default. See RT22589 for details.
*/
#undef ENABLE_ACCEPTFILTER
ISC_SOCKETFUNC_SCOPE isc_result_t
isc__socket_filter(isc_socket_t *sock0, const char *filter) {
isc__socket_t *sock = (isc__socket_t *)sock0;
#ifdef SO_ACCEPTFILTER
#if defined(SO_ACCEPTFILTER) && defined(ENABLE_ACCEPTFILTER)
char strbuf[ISC_STRERRORSIZE];
struct accept_filter_arg afa;
#else
......@@ -5008,7 +5015,7 @@ isc__socket_filter(isc_socket_t *sock0, const char *filter) {
REQUIRE(VALID_SOCKET(sock));
#ifdef SO_ACCEPTFILTER
#if defined(SO_ACCEPTFILTER) && defined(ENABLE_ACCEPTFILTER)
bzero(&afa, sizeof(afa));
strncpy(afa.af_name, filter, sizeof(afa.af_name));
if (setsockopt(sock->fd, SOL_SOCKET, SO_ACCEPTFILTER,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment