diff options
| author | iedowse <iedowse@FreeBSD.org> | 2000-12-22 21:30:15 +0000 |
|---|---|---|
| committer | iedowse <iedowse@FreeBSD.org> | 2000-12-22 21:30:15 +0000 |
| commit | cd6399ca0f4a2f014f42eaed72fb574f75b9c040 (patch) | |
| tree | 93badada1e585566333da1bad0d37b64e6b21b58 | |
| parent | 461306f6402239c3412d0fc31b825abdbf080722 (diff) | |
| download | FreeBSD-src-cd6399ca0f4a2f014f42eaed72fb574f75b9c040.zip FreeBSD-src-cd6399ca0f4a2f014f42eaed72fb574f75b9c040.tar.gz | |
Ensure that received packets are at least as long as the rwho packet
header before trying to process them. Without this sanity check,
rwhod can attempt to byte-swap all of memory when a short packet
is received, and so dies with a SIGBUS.
While I'm here, change two other syslog messages to be more
informative: use dotted quad rather than hex notation for IP
addresses, and include the source IP in the 'bad from port' message.
PR: bin/14844
Reviewed by: dwmalone
| -rw-r--r-- | usr.sbin/rwhod/rwhod.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/usr.sbin/rwhod/rwhod.c b/usr.sbin/rwhod/rwhod.c index 138d3c4..f54ed7ff 100644 --- a/usr.sbin/rwhod/rwhod.c +++ b/usr.sbin/rwhod/rwhod.c @@ -56,6 +56,7 @@ static const char rcsid[] = #include <net/if_dl.h> #include <net/route.h> #include <netinet/in.h> +#include <arpa/inet.h> #include <protocols/rwhod.h> #include <ctype.h> @@ -277,8 +278,13 @@ main(argc, argv) continue; } if (from.sin_port != sp->s_port && !insecure_mode) { - syslog(LOG_WARNING, "%d: bad from port", - ntohs(from.sin_port)); + syslog(LOG_WARNING, "%d: bad source port from %s", + ntohs(from.sin_port), inet_ntoa(from.sin_addr)); + continue; + } + if (cc < WHDRSIZE) { + syslog(LOG_WARNING, "short packet from %s", + inet_ntoa(from.sin_addr)); continue; } if (wd.wd_vers != WHODVERSION) @@ -286,8 +292,8 @@ main(argc, argv) if (wd.wd_type != WHODTYPE_STATUS) continue; if (!verify(wd.wd_hostname, sizeof wd.wd_hostname)) { - syslog(LOG_WARNING, "malformed host name from %x", - from.sin_addr); + syslog(LOG_WARNING, "malformed host name from %s", + inet_ntoa(from.sin_addr)); continue; } (void) snprintf(path, sizeof path, "whod.%s", wd.wd_hostname); |
