Re: aclMatchArp correction

From: Guido Serassio <guido.serassio@dont-contact.us>
Date: Fri, 21 Jul 2006 17:07:05 +0200

Hi,

At 13.14 20/07/2006, Gennadiy Tsarenkov wrote:

>Hi all,
>
>I've tried to build squid under Windows environment
>and find out that a fix is necessary.
>Namely,
>1) when copying MAC address to the arpReq using memcpy
>the attribute dwPhysAddrLen is incorrectly accessed
>(i.e. NetTable[i].table->dwPhysAddrLen).
>The correct line should be
>memcpy(arpReq.arp_ha.sa_data,
>NetTable->table[i].bPhysAddr,
>NetTable->table[i].dwPhysAddrLen);
>This also protects this function from attacks.

Yes, correct.

>2) ARP is checked against cached entries under Windows
>environment. If the ARP entry is not found in cache
>then the undefined value is contained in
>arpReq.arp_ha. This may lead to granting access or
>deny rule incorrectly (very unlikely, but possible). It
>would be nice, if it will be initialized with zeros
>before lookup cycle.
>memset(&arpReq.arp_ha, 0, sizeof(arpReq.arp_ha));

Sure, now it's done like other platforms.

>3) I would even suggest extending this
>functionality in such a way that if address is not
>found in cache, then SendARP function is executed.

It could be a good suggestion, but there are some bad side effects:

If all acl defined clients are on-line, this is good, but for every
switched off client defined in an arp acl, we will send an arp
request and wait for a response, very bad .....

>4) For Windows under cygwin there is still needed to
>add -lresolv when linking with --disable-internal-dns.

I will check this.

Thanks for your suggestions.

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Fri Jul 21 2006 - 09:07:19 MDT
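
Added example, not part of the original thread and not Squid's code: a sketch of the cache lookup discussed in points 1 and 2, with the per-row indexing, the zeroed hardware address before the loop, and a length check before the copy. NetRow, NetTableT and HwAddr are hypothetical stand-ins for MIB_IPNETROW, MIB_IPNETTABLE and struct sockaddr so that it builds off Windows; treating a cache miss as "no match" is an assumption, and the table contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PHYS_MAX 8   /* size of bPhysAddr; smaller than the 14-byte sa_data */

/* Stand-ins for MIB_IPNETROW / MIB_IPNETTABLE (assumed layout, illustration only). */
typedef struct { uint32_t dwPhysAddrLen; uint8_t bPhysAddr[PHYS_MAX]; uint32_t dwAddr; } NetRow;
typedef struct { uint32_t dwNumEntries; NetRow table[4]; } NetTableT;
/* Stand-in for struct sockaddr as used by arpReq.arp_ha. */
typedef struct { uint16_t sa_family; char sa_data[14]; } HwAddr;

/* Returns 1 and fills *hw if ip is cached, else 0 with *hw left all zero. */
int arp_cache_lookup(const NetTableT *t, uint32_t ip, HwAddr *hw)
{
    memset(hw, 0, sizeof(*hw));              /* point 2: no leftover stack bytes */
    for (uint32_t i = 0; i < t->dwNumEntries; i++) {
        const NetRow *row = &t->table[i];    /* point 1: index the rows, not the table */
        if (row->dwAddr != ip)
            continue;
        /* Reject a length that would read past bPhysAddr or carries no address. */
        if (row->dwPhysAddrLen == 0 || row->dwPhysAddrLen > PHYS_MAX)
            return 0;
        memcpy(hw->sa_data, row->bPhysAddr, row->dwPhysAddrLen);
        return 1;
    }
    return 0;
}

/* ACL check: a miss is reported as "no match" instead of comparing stale data. */
int acl_match_mac(const NetTableT *t, uint32_t ip, const uint8_t mac[6])
{
    HwAddr hw;
    if (!arp_cache_lookup(t, ip, &hw))
        return 0;
    return memcmp(hw.sa_data, mac, 6) == 0;
}

/* Constructed sample cache: one valid row and one row with a bogus length. */
static const NetTableT sample = { 2, {
    { 6,  {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}, 0x0A000001 },
    { 99, {0xde, 0xad, 0xbe, 0xef, 0x00, 0x01}, 0x0A000002 } } };

int main(void)
{
    const uint8_t mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    printf("hit=%d miss=%d\n", acl_match_mac(&sample, 0x0A000001, mac),
           acl_match_mac(&sample, 0x0A000003, mac));
    return 0;
}
```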