X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=hacks%2Fsonar.c;h=b3f3cb6a1f1211b589de785f48ede253bc2e0edc;hb=0d6b320def9180cf907ceaed56b23a972a11b757;hp=6b1453398ce7e8a92d96c77622f3877ff363c65f;hpb=2d04c4f22466851aedb6ed0f2919d148f726b889;p=xscreensaver

diff --git a/hacks/sonar.c b/hacks/sonar.c
index 6b145339..b3f3cb6a 100644
--- a/hacks/sonar.c
+++ b/hacks/sonar.c
@@ -38,7 +38,7 @@
  * software for any purpose.  It is provided "as is" without express or 
  * implied warranty.
  *
- * $Revision: 1.37 $
+ * $Revision: 1.39 $
  *
  * Version 1.0 April 27, 1998.
  * - Initial version
@@ -537,8 +537,9 @@ lookupHost(ping_target *target)
       hent = gethostbyname (target->name);
       if (!hent)
         {
-          fprintf (stderr, "%s: could not resolve host:  %s\n",
-                   progname, target->name);
+          if (debug_p)
+            fprintf (stderr, "%s: could not resolve host:  %s\n",
+                     progname, target->name);
           return 0;
         }
 
@@ -608,7 +609,7 @@ newHost(char *name)
       struct sockaddr_in *iaddr = (struct sockaddr_in *) &(target->address);
       unsigned long ip = iaddr->sin_addr.s_addr;
 
-      if ((ntohl (ip) & 0xFFFFFF00L) == 0x7f000000L)  /* 127.0.0 */
+      if ((ntohl (ip) & 0xFFFFFF00L) == 0x7f000000L)  /* 127.0.0.x */
         {
           if (debug_p)
             fprintf (stderr, "%s:   ignoring loopback host %s\n",
@@ -617,6 +618,19 @@ newHost(char *name)
         }
     }
 
+    /* Don't ever use broadcast (255.x.x.x) hosts */
+    {
+      struct sockaddr_in *iaddr = (struct sockaddr_in *) &(target->address);
+      unsigned long ip = iaddr->sin_addr.s_addr;
+      if ((ntohl (ip) & 0xFF000000L) == 0xFF000000L)  /* 255.x.x.x */
+        {
+          if (debug_p)
+            fprintf (stderr, "%s:   ignoring broadcast host %s\n",
+                     progname, target->name);
+          goto target_init_error;
+        }
+    }
+
     /* Done */
 
     if (debug_p)
@@ -950,9 +964,18 @@ init_ping(void)
 	goto ping_init_error;
     }
 
-    /* Create the ICMP socket */
+    /* Create the ICMP socket.  Do this before dropping privs.
+
+       Raw sockets can only be opened by root (or setuid root), so we
+       only try to do this when the effective uid is 0.
 
-    if ((pi->icmpsock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) >= 0) {
+       We used to just always try, and notice the failure.  But apparently
+       that causes "SELinux" to log spurious warnings when running with the
+       "strict" policy.  So to avoid that, we just don't try unless we
+       know it will work.
+     */
+    if (geteuid() == 0 &&
+        (pi->icmpsock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) >= 0) {
       socket_initted_p = True;
     }