Close the "IRC DCC" security breach reported recently on Bugtraq.

Submitted by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
author: ru <ru@FreeBSD.org> 2001-08-21 11:21:08 +0000
committer: ru <ru@FreeBSD.org> 2001-08-21 11:21:08 +0000
commit: 4d0fae19b52489173cbb9c3afb3a755a177b510a (patch)
tree: 49f794eafca9c532240832831509868f5d4cf040 /lib/libalias
parent: 2286423a9940558949a4146502f59590daf55499 (diff)
download: FreeBSD-src-4d0fae19b52489173cbb9c3afb3a755a177b510a.zip
FreeBSD-src-4d0fae19b52489173cbb9c3afb3a755a177b510a.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/libalias/alias_irc.c b/lib/libalias/alias_irc.c
index 6a8ebe2..ec5aa8a 100644
--- a/lib/libalias/alias_irc.c
+++ b/lib/libalias/alias_irc.c
@@ -236,6 +236,12 @@ lFOUND_CTCP:
 			 true_addr.s_addr = htonl(org_addr);
 			 destaddr.s_addr = 0;
 
+			 /* Sanity/Security checking */
+			 if (!org_addr || !org_port ||
+			     pip->ip_src.s_addr != true_addr.s_addr ||
+			     org_port < IPPORT_RESERVED)
+				 goto lBAD_CTCP;
+
 			 /* Steal the FTP_DATA_PORT - it doesn't really matter, and this
 				 would probably allow it through at least _some_
 				 firewalls. */
author	ru <ru@FreeBSD.org>	2001-08-21 11:21:08 +0000
committer	ru <ru@FreeBSD.org>	2001-08-21 11:21:08 +0000
commit	4d0fae19b52489173cbb9c3afb3a755a177b510a (patch)
tree	49f794eafca9c532240832831509868f5d4cf040 /lib/libalias
parent	2286423a9940558949a4146502f59590daf55499 (diff)
download	FreeBSD-src-4d0fae19b52489173cbb9c3afb3a755a177b510a.zip FreeBSD-src-4d0fae19b52489173cbb9c3afb3a755a177b510a.tar.gz