relax insecure option on mountd

In nfs-utils 1.2.0, I noticed that the insecure option validates that
the client port is a
subset of IPPORT_RESERVED as opposed to just validating it is a valid
reserved port. The following proposed patch would correct that issue.

Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Robert Gordon <rbg@openrbg.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
index 575f207bd028f0d74eed6097a82d485499c4d8b8..5a7ff8cd0fb81239eb5b717db3749bc7a665f196 100644 (file)
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -169,8 +169,7 @@ auth_authenticate_internal(char *what, struct sockaddr_in *caller,
                }
        }
        if (!(exp->m_export.e_flags & NFSEXP_INSECURE_PORT) &&
-                   (ntohs(caller->sin_port) <  IPPORT_RESERVED/2 ||
-                    ntohs(caller->sin_port) >= IPPORT_RESERVED)) {
+                    ntohs(caller->sin_port) >= IPPORT_RESERVED) {
                *error = illegal_port;
                return NULL;
        }