diff options
| author | imp <imp@FreeBSD.org> | 1997-02-09 04:16:27 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1997-02-09 04:16:27 +0000 |
| commit | ee7d6816c38c7d7bd1036a1e53c3ada7e5ba07a1 (patch) | |
| tree | b888f01b8d4b9b56c6c3bd47b228c389f3c162eb /libexec/rshd/rshd.c | |
| parent | 289dfcbaa64490be4aee0f486bdf171a85f86fca (diff) | |
| download | FreeBSD-src-ee7d6816c38c7d7bd1036a1e53c3ada7e5ba07a1.zip FreeBSD-src-ee7d6816c38c7d7bd1036a1e53c3ada7e5ba07a1.tar.gz | |
Some patches for source routed packets from OpenBSD.
Rev 1.13 deraadt:
do not warn about valid options; invalid options correctly quit
Rev 1.12 deraadt:
need not clear options since bad ones cause exit;
provos@ws1.physnet.uni-hamburg.de
Rev 1.11 deraadt:
IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed
out by provos@wserver.physnet.uni-hamburg.de. also another 1-char
buffer overflow.
Reviewed by: Peter Wemm
Obtained from: OpenSBD
Diffstat (limited to 'libexec/rshd/rshd.c')
| -rw-r--r-- | libexec/rshd/rshd.c | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c index 5170ef0..61ede51 100644 --- a/libexec/rshd/rshd.c +++ b/libexec/rshd/rshd.c @@ -56,7 +56,9 @@ static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; #include <sys/time.h> #include <sys/socket.h> +#include <netinet/in_systm.h> #include <netinet/in.h> +#include <netinet/ip.h> #include <arpa/inet.h> #include <netdb.h> @@ -236,9 +238,8 @@ doit(fromp) } #ifdef IP_OPTIONS { - u_char optbuf[BUFSIZ/3], *cp; - char lbuf[BUFSIZ], *lp; - int optsize = sizeof(optbuf), ipproto; + u_char optbuf[BUFSIZ/3]; + int optsize = sizeof(optbuf), ipproto, i; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) @@ -247,16 +248,18 @@ doit(fromp) ipproto = IPPROTO_IP; if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) && optsize != 0) { - lp = lbuf; - for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) - sprintf(lp, " %2.2x", *cp); - syslog(LOG_NOTICE, - "Connection received from %s using IP options (ignored):%s", - inet_ntoa(fromp->sin_addr), lbuf); - if (setsockopt(0, ipproto, IP_OPTIONS, - (char *)NULL, optsize) != 0) { - syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m"); - exit(1); + for (i = 0; i < optsize; ) { + u_char c = optbuf[i]; + if (c == IPOPT_LSRR || c == IPOPT_SSRR) { + syslog(LOG_NOTICE, + "Connection refused from %s with IP option %s", + inet_ntoa(fromp->sin_addr), + c == IPOPT_LSRR ? "LSRR" : "SSRR"); + exit(1); + } + if (c == IPOPT_EOL) + break; + i += (c == IPOPT_NOP) ? 1 : optbuf[i+1]; } } } |
