summaryrefslogtreecommitdiffstats
path: root/libexec
diff options
context:
space:
mode:
authorimp <imp@FreeBSD.org>1997-02-09 04:16:27 +0000
committerimp <imp@FreeBSD.org>1997-02-09 04:16:27 +0000
commitee7d6816c38c7d7bd1036a1e53c3ada7e5ba07a1 (patch)
treeb888f01b8d4b9b56c6c3bd47b228c389f3c162eb /libexec
parent289dfcbaa64490be4aee0f486bdf171a85f86fca (diff)
downloadFreeBSD-src-ee7d6816c38c7d7bd1036a1e53c3ada7e5ba07a1.zip
FreeBSD-src-ee7d6816c38c7d7bd1036a1e53c3ada7e5ba07a1.tar.gz
Some patches for source routed packets from OpenBSD.
Rev 1.13 deraadt: do not warn about valid options; invalid options correctly quit Rev 1.12 deraadt: need not clear options since bad ones cause exit; provos@ws1.physnet.uni-hamburg.de Rev 1.11 deraadt: IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed out by provos@wserver.physnet.uni-hamburg.de. also another 1-char buffer overflow. Reviewed by: Peter Wemm Obtained from: OpenSBD
Diffstat (limited to 'libexec')
-rw-r--r--libexec/rshd/rshd.c29
1 files changed, 16 insertions, 13 deletions
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index 5170ef0..61ede51 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -56,7 +56,9 @@ static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94";
#include <sys/time.h>
#include <sys/socket.h>
+#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/ip.h>
#include <arpa/inet.h>
#include <netdb.h>
@@ -236,9 +238,8 @@ doit(fromp)
}
#ifdef IP_OPTIONS
{
- u_char optbuf[BUFSIZ/3], *cp;
- char lbuf[BUFSIZ], *lp;
- int optsize = sizeof(optbuf), ipproto;
+ u_char optbuf[BUFSIZ/3];
+ int optsize = sizeof(optbuf), ipproto, i;
struct protoent *ip;
if ((ip = getprotobyname("ip")) != NULL)
@@ -247,16 +248,18 @@ doit(fromp)
ipproto = IPPROTO_IP;
if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) &&
optsize != 0) {
- lp = lbuf;
- for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
- sprintf(lp, " %2.2x", *cp);
- syslog(LOG_NOTICE,
- "Connection received from %s using IP options (ignored):%s",
- inet_ntoa(fromp->sin_addr), lbuf);
- if (setsockopt(0, ipproto, IP_OPTIONS,
- (char *)NULL, optsize) != 0) {
- syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
- exit(1);
+ for (i = 0; i < optsize; ) {
+ u_char c = optbuf[i];
+ if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
+ syslog(LOG_NOTICE,
+ "Connection refused from %s with IP option %s",
+ inet_ntoa(fromp->sin_addr),
+ c == IPOPT_LSRR ? "LSRR" : "SSRR");
+ exit(1);
+ }
+ if (c == IPOPT_EOL)
+ break;
+ i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
}
}
}
OpenPOWER on IntegriCloud