author | wpaul <wpaul@FreeBSD.org> | 1996-10-20 19:52:53 +0000 |
---|---|---|
committer | wpaul <wpaul@FreeBSD.org> | 1996-10-20 19:52:53 +0000 |
commit | 9e76d64e1d5c1e618144b687f91e94298dcfb88f (patch) | |
tree | b14af9a7f066fd2fa32115201800435124eb0835 | |
parent | dcf9bf8b9191587f503708ca79ce59c31aff8d85 (diff) | |
Add a couple of reserved port checks: don't talk to either ypserv
or rpc.ypxfrd processes on remote systems that aren't bound to reserved
ports. The servers already do reserved port checks on the clients.
Obtained from: scrutinizing the OpenBSD ypxfr sources. (Note that this
applies to the ypserv check only; OpenBSD doesn't have an rpc.ypxfrd.)
-rw-r--r-- | libexec/ypxfr/ypxfr_main.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/libexec/ypxfr/ypxfr_main.c b/libexec/ypxfr/ypxfr_main.c
index 47684fb..f26c5cb 100644
--- a/libexec/ypxfr/ypxfr_main.c
+++ b/libexec/ypxfr/ypxfr_main.c
@@ -29,7 +29,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id: ypxfr_main.c,v 1.17 1996/06/03 03:11:39 wpaul Exp $
+ * $Id: ypxfr_main.c,v 1.18 1996/10/20 19:44:45 wpaul Exp $
 */
 #include <stdio.h>
 #include <stdlib.h>
@@ -51,7 +51,7 @@ struct dom_binding {};
 #include "ypxfr_extern.h"
 #ifndef lint
-static const char rcsid[] = "$Id: ypxfr_main.c,v 1.17 1996/06/03 03:11:39 wpaul Exp $";
+static const char rcsid[] = "$Id: ypxfr_main.c,v 1.18 1996/10/20 19:44:45 wpaul Exp $";
 #endif
 char *progname = "ypxfr";
@@ -162,6 +162,7 @@ main(argc,argv)
 char tempmap[MAXPATHLEN + 2];
 char buf[MAXPATHLEN + 2];
 DBT key, data;
+ int remoteport;
 debug = 1;
@@ -332,6 +333,16 @@ the local domain name isn't set");
 if (ypxfr_source_host == NULL)
 ypxfr_source_host = ypxfr_master;
+ /*
+ * Don't talk to ypservs on unprivileged ports.
+ */
+ remoteport = getrpcport(ypxfr_source_host, YPPROG, YPVERS, IPPROTO_UDP);
+ if (remoteport >= IPPORT_RESERVED) {
+ yp_error("ypserv on %s not running on reserved port",
+ ypxfr_source_host);
+ ypxfr_exit(YPXFR_REFUSED, NULL);
+ }
+
 if ((ypxfr_order = ypxfr_get_order(ypxfr_source_domain, ypxfr_mapname, ypxfr_master, 0)) == 0) {
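Review bot: The new ypserv check in the `@@ -332,6 +333,16 @@` hunk vets `ypxfr_source_host`, but the `ypxfr_get_order()` call in the context lines right below it still queries `ypxfr_master`, so when the source host differs from the master, the host answering the order query has not been checked. Running the same port test against `ypxfr_master` when the two differ would close that gap. Separately, `getrpcport()` returns 0 when the portmapper cannot be reached or the program is not registered, and 0 passes `remoteport >= IPPORT_RESERVED`; a guard such as `if (remoteport == 0 || remoteport >= IPPORT_RESERVED)`, with its own message for the failed lookup, makes the refusal explicit instead of relying on a later call to fail. The lookup is also a separate portmapper query from whatever the later client calls perform (not visible here), so it does not pin the port actually used, and the same holds for the rpc.ypxfrd check in the next hunk. The body of main() starts and ends outside this hunk.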
@@ -376,10 +387,18 @@ the local domain name isn't set");
 snprintf(ypxfr_temp_map, sizeof(ypxfr_temp_map), "%s/%s/%s", yp_dir, ypxfr_dest_domain, tempmap);
- if (getrpcport(ypxfr_master, YPXFRD_FREEBSD_PROG,
- YPXFRD_FREEBSD_VERS, IPPROTO_TCP)) {
+ if ((remoteport = getrpcport(ypxfr_source_host, YPXFRD_FREEBSD_PROG,
+ YPXFRD_FREEBSD_VERS, IPPROTO_TCP))) {
+
+ /* Don't talk to rpc.ypxfrds on unprovileged ports. */
+ if (remoteport >= IPPORT_RESERVED) {
+ yp_error("rpc.ypxfrd on %s not using privileged port",
+ ypxfr_source_host);
+ ypxfr_exit(YPXFR_REFUSED, NULL);
+ }
+
 /* Try to send using ypxfrd. If it fails, use old method. */
- if (!ypxfrd_get_map(ypxfr_master, ypxfr_mapname,
+ if (!ypxfrd_get_map(ypxfr_source_host, ypxfr_mapname,
 ypxfr_source_domain, ypxfr_temp_map))
 goto leave;
 } |
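Review bot: An rpc.ypxfrd found on an unprivileged port now ends the whole transfer with `YPXFR_REFUSED`, while the comment just below still says a failed ypxfrd attempt falls back to the old method, and the ypserv on the same `ypxfr_source_host` has already passed its own port check by this point. If the hard stop is intended, the comment should say so, e.g. `/* Refuse outright instead of falling back: an rpc.ypxfrd on an unprivileged port may not have been started by root. */`; otherwise the branch could skip ypxfrd and continue with the ypserv transfer. The added comment also misspells "unprivileged" as `unprovileged`, and the two new messages word the same condition differently (`not running on reserved port` vs `not using privileged port`), which makes log matching harder. The enclosing main() starts and ends outside the hunk.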