Fix a bug in the hack that protects against FTP bounce attacks.

It used to loop back up to the accept() call and block there, shutting out all other transports until a new connection came in. Now it returns instead after dropping the connection. That will take it back to the select() loop where all transports can be serviced. I intend to MFC this within a day or two since it fixes a DoS vulnerability.
author: jdp <jdp@FreeBSD.org> 1999-11-17 01:54:17 +0000
committer: jdp <jdp@FreeBSD.org> 1999-11-17 01:54:17 +0000
commit: 3776d08208bf7d6dcba99c148cba092dbc52eb1b (patch)
tree: 7645ba4a62a94cbd12b02416d859c685231674ef /lib/libc
parent: 98a212df1f8810b90c299e120edcbfba1877933a (diff)
download: FreeBSD-src-3776d08208bf7d6dcba99c148cba092dbc52eb1b.zip
FreeBSD-src-3776d08208bf7d6dcba99c148cba092dbc52eb1b.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/libc/rpc/svc_tcp.c b/lib/libc/rpc/svc_tcp.c
index a87b361..b0aafbf 100644
--- a/lib/libc/rpc/svc_tcp.c
+++ b/lib/libc/rpc/svc_tcp.c
@@ -244,12 +244,11 @@ rendezvous_request(xprt)
 	       return (FALSE);
 	}
 	/*
-	 * XXX careful for ftp bounce attacks. If discovered, close the
-	 * socket and look for another connection.
+	 * Guard against FTP bounce attacks.
 	 */
 	if (addr.sin_port == htons(20)) {
 		close(sock);
-		goto again;
+		return (FALSE);
 	}
 	/*
 	 * make a new transporter (re-uses xprt)
author	jdp <jdp@FreeBSD.org>	1999-11-17 01:54:17 +0000
committer	jdp <jdp@FreeBSD.org>	1999-11-17 01:54:17 +0000
commit	3776d08208bf7d6dcba99c148cba092dbc52eb1b (patch)
tree	7645ba4a62a94cbd12b02416d859c685231674ef /lib/libc
parent	98a212df1f8810b90c299e120edcbfba1877933a (diff)
download	FreeBSD-src-3776d08208bf7d6dcba99c148cba092dbc52eb1b.zip FreeBSD-src-3776d08208bf7d6dcba99c148cba092dbc52eb1b.tar.gz