authorwpaul <wpaul@FreeBSD.org>1996-07-13 20:23:13 +0000
committerwpaul <wpaul@FreeBSD.org>1996-07-13 20:23:13 +0000
commitdd36926d570838b0f4086a79308586ddc87eeda9 (patch)
tree46b0eb58346dbaacee3ef8cf5ebf9b781d4b0a61 /lib
parent4203d74266977ec57c255c755be30a8e73088d4b (diff)
downloadFreeBSD-src-dd36926d570838b0f4086a79308586ddc87eeda9.zip
FreeBSD-src-dd36926d570838b0f4086a79308586ddc87eeda9.tar.gz
In _yp_dobind(), if we find ourselves required to contact the local ypbind
directly in order to obtain binding information, check that the local ypbind is using a reserved port and return YPERR_YPBIND if it isn't. We should not trust any ypbind running on a port >= IPPORT_RESERVED; it may have been started by a malicious user hoping to trick us into talking to a bogus ypserv. Note that we do not check the ypserv port returned to us from ypbind. It is assumed that ypbind has already done a reserved port test (or not, depending on whether or not it was started with -s); if we trust the authenticity of the local ypbind, we should also trust its judgement. Obtained from: OpenBSD
Diffstat (limited to 'lib')
-rw-r--r--lib/libc/yp/yplib.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/libc/yp/yplib.c b/lib/libc/yp/yplib.c
index 72f57e9..e83f69a 100644
--- a/lib/libc/yp/yplib.c
+++ b/lib/libc/yp/yplib.c
@@ -369,6 +369,17 @@ skipit:
return (YPERR_YPBIND);
}
+ /*
+ * Check the port number -- should be < IPPORT_RESERVED.
+ * If not, it's possible someone has registered a bogus
+ * ypbind with the portmapper and is trying to trick us.
+ */
+ if (ntohs(clnt_sin.sin_port) >= IPPORT_RESERVED) {
+ clnt_destroy(client);
+ if (new)
+ free(ysd);
+ return(YPERR_YPBIND);
+ }
tv.tv_sec = _yplib_timeout/2;
tv.tv_usec = 0;
r = clnt_call(client, YPBINDPROC_DOMAIN,
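Review bot: The new rejection at `if (ntohs(clnt_sin.sin_port) >= IPPORT_RESERVED)` returns the same YPERR_YPBIND as the ordinary failure path just above it and records nothing, so a bogus ypbind registered with the portmapper looks the same to the caller and the administrator as ypbind simply being down. If a diagnostic is not acceptable in libc, the comment should at least say so, e.g. `* The caller cannot tell this apart from an unreachable ypbind.` The test also relies on `clnt_sin.sin_port` having been filled in by the client-creation call, which is outside this hunk; if it can still be 0 at this point the check passes trivially, so that is worth confirming. As a style point, `return(YPERR_YPBIND);` should be `return (YPERR_YPBIND);` to match the context line at the top of the hunk. The enclosing function starts and ends outside the hunk.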
@@ -400,6 +411,13 @@ skipit:
*(u_short *)&ypbr.ypbind_resp_u.ypbind_bindinfo.ypbind_binding_port;
ysd->dom_server_addr.sin_addr.s_addr =
*(u_long *)&ypbr.ypbind_resp_u.ypbind_bindinfo.ypbind_binding_addr;
+
+ /*
+ * We could do a reserved port check here too, but this
+ * could pose compatibility problems. The local ypbind is
+ * supposed to decide whether or not to trust yp servers
+ * on insecure ports. For now, we trust its judgement.
+ */
ysd->dom_server_port =
*(u_short *)&ypbr.ypbind_resp_u.ypbind_bindinfo.ypbind_binding_port;
gotit:
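Review bot: The comment added before the `ysd->dom_server_port` assignment states that the local ypbind decides whether to trust servers on insecure ports, but it omits the condition given in the commit message: ypbind only performs that reserved-port test when it was started with -s. Without that, a reader will assume the ypserv port has always been vetted; adding a line such as `* (ypbind only enforces this when started with -s.)` makes the residual trust explicit. The context line at the top of the hunk appears to store the same `ypbind_binding_port` value earlier, so the comment would sit better ahead of that first use. The enclosing function continues outside the hunk.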