Ensure that received packets are at least as long as the rwho packet

header before trying to process them. Without this sanity check,
rwhod can attempt to byte-swap all of memory when a short packet
is received, and so dies with a SIGBUS.

While I'm here, change two other syslog messages to be more
informative: use dotted quad rather than hex notation for IP
addresses, and include the source IP in the 'bad from port' message.

PR:		bin/14844
Reviewed by:	dwmalone

1 files changed, 10 insertions, 4 deletions

diff --git a/usr.sbin/rwhod/rwhod.c b/usr.sbin/rwhod/rwhod.c
index 138d3c4..f54ed7ff 100644
--- a/usr.sbin/rwhod/rwhod.c
+++ b/usr.sbin/rwhod/rwhod.c
@@ -56,6 +56,7 @@ static const char rcsid[] =
 #include <net/if_dl.h>
 #include <net/route.h>
 #include <netinet/in.h>
+#include <arpa/inet.h>
 #include <protocols/rwhod.h>
 
 #include <ctype.h>
@@ -277,8 +278,13 @@ main(argc, argv)
 			continue;
 		}
 		if (from.sin_port != sp->s_port && !insecure_mode) {
-			syslog(LOG_WARNING, "%d: bad from port",
-				ntohs(from.sin_port));
+			syslog(LOG_WARNING, "%d: bad source port from %s",
+			    ntohs(from.sin_port), inet_ntoa(from.sin_addr));
+			continue;
+		}
+		if (cc < WHDRSIZE) {
+			syslog(LOG_WARNING, "short packet from %s",
+			    inet_ntoa(from.sin_addr));
 			continue;
 		}
 		if (wd.wd_vers != WHODVERSION)
@@ -286,8 +292,8 @@ main(argc, argv)
 		if (wd.wd_type != WHODTYPE_STATUS)
 			continue;
 		if (!verify(wd.wd_hostname, sizeof wd.wd_hostname)) {
-			syslog(LOG_WARNING, "malformed host name from %x",
-				from.sin_addr);
+			syslog(LOG_WARNING, "malformed host name from %s",
+			    inet_ntoa(from.sin_addr));
 			continue;
 		}
 		(void) snprintf(path, sizeof path, "whod.%s", wd.wd_hostname);