summaryrefslogtreecommitdiffstats
path: root/libexec/rlogind
diff options
context:
space:
mode:
authorimp <imp@FreeBSD.org>1997-02-09 04:18:43 +0000
committerimp <imp@FreeBSD.org>1997-02-09 04:18:43 +0000
commitb0ad700c810f7676f2b9da86da3bb2d811a1fafa (patch)
treec248698250bdad3b19d0da3ac73901698251aa02 /libexec/rlogind
parentee7d6816c38c7d7bd1036a1e53c3ada7e5ba07a1 (diff)
downloadFreeBSD-src-b0ad700c810f7676f2b9da86da3bb2d811a1fafa.zip
FreeBSD-src-b0ad700c810f7676f2b9da86da3bb2d811a1fafa.tar.gz
Some patches for source routed packets from OpenBSD.
Rev 1.16 deraadt: do not warn about valid options; invalid options correctly quit Rev 1.15 deraadt: need not clear options since bad ones cause exit; provos@ws1.physnet.uni-hamburg.de Rev 1.14 deraadt: IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed out by provos@wserver.physnet.uni-hamburg.de. also another 1-char buffer overflow. Reviewed by: Peter Wemm Obtained from: OpenSBD
Diffstat (limited to 'libexec/rlogind')
-rw-r--r--libexec/rlogind/rlogind.c28
1 files changed, 14 insertions, 14 deletions
diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c
index b19b0cf..64b346e 100644
--- a/libexec/rlogind/rlogind.c
+++ b/libexec/rlogind/rlogind.c
@@ -252,9 +252,8 @@ doit(f, fromp)
}
#ifdef IP_OPTIONS
{
- u_char optbuf[BUFSIZ/3], *cp;
- char lbuf[BUFSIZ], *lp;
- int optsize = sizeof(optbuf), ipproto;
+ u_char optbuf[BUFSIZ/3];
+ int optsize = sizeof(optbuf), ipproto, i;
struct protoent *ip;
if ((ip = getprotobyname("ip")) != NULL)
@@ -263,17 +262,18 @@ doit(f, fromp)
ipproto = IPPROTO_IP;
if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf,
&optsize) == 0 && optsize != 0) {
- lp = lbuf;
- for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
- sprintf(lp, " %2.2x", *cp);
- syslog(LOG_NOTICE,
- "Connection received using IP options (ignored):%s",
- lbuf);
- if (setsockopt(0, ipproto, IP_OPTIONS,
- (char *)NULL, optsize) != 0) {
- syslog(LOG_ERR,
- "setsockopt IP_OPTIONS NULL: %m");
- exit(1);
+ for (i = 0; i < optsize; ) {
+ u_char c = optbuf[i];
+ if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
+ syslog(LOG_NOTICE,
+ "Connection refused from %s with IP option %s",
+ inet_ntoa(fromp->sin_addr),
+ c == IPOPT_LSRR ? "LSRR" : "SSRR");
+ exit(1);
+ }
+ if (c == IPOPT_EOL)
+ break;
+ i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
}
}
}
OpenPOWER on IntegriCloud