From cd6399ca0f4a2f014f42eaed72fb574f75b9c040 Mon Sep 17 00:00:00 2001
From: iedowse
Date: Fri, 22 Dec 2000 21:30:15 +0000
Subject: Ensure that received packets are at least as long as the rwho packet header before trying to process them. Without this sanity check, rwhod can attempt to byte-swap all of memory when a short packet is received, and so dies with a SIGBUS. While I'm here, change two other syslog messages to be more informative: use dotted quad rather than hex notation for IP addresses, and include the source IP in the 'bad from port' message.
PR: bin/14844
Reviewed by: dwmalone
---
 usr.sbin/rwhod/rwhod.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'usr.sbin/rwhod')
diff --git a/usr.sbin/rwhod/rwhod.c b/usr.sbin/rwhod/rwhod.c
index 138d3c4..f54ed7ff 100644
--- a/usr.sbin/rwhod/rwhod.c
+++ b/usr.sbin/rwhod/rwhod.c
@@ -56,6 +56,7 @@ static const char rcsid[] =
 #include
 #include
 #include
+#include
 #include
 #include
@@ -277,8 +278,13 @@ main(argc, argv)
 continue;
 }
 if (from.sin_port != sp->s_port && !insecure_mode) {
- syslog(LOG_WARNING, "%d: bad from port",
- ntohs(from.sin_port));
+ syslog(LOG_WARNING, "%d: bad source port from %s",
+ ntohs(from.sin_port), inet_ntoa(from.sin_addr));
+ continue;
+ }
+ if (cc < WHDRSIZE) {
+ syslog(LOG_WARNING, "short packet from %s",
+ inet_ntoa(from.sin_addr));
 continue;
 }
 if (wd.wd_vers != WHODVERSION)
@@ -286,8 +292,8 @@ main(argc, argv)
 if (wd.wd_type != WHODTYPE_STATUS)
 continue;
 if (!verify(wd.wd_hostname, sizeof wd.wd_hostname)) {
- syslog(LOG_WARNING, "malformed host name from %x",
- from.sin_addr);
+ syslog(LOG_WARNING, "malformed host name from %s",
+ inet_ntoa(from.sin_addr));
 continue;
 }
 (void) snprintf(path, sizeof path, "whod.%s", wd.wd_hostname);
--
cgit v1.1
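Review bot: The new length guard `if (cc < WHDRSIZE)` in the second hunk compares the receive count against a constant whose definition is outside the diff; if WHDRSIZE is built from `sizeof` (likely, but not visible here), `cc` is converted to unsigned and a negative receive result would pass the test. That is only safe if the `continue; }` context just above the hunk already rejects `cc <= 0`, which the hunk does not show, so I would make the signedness explicit with `if (cc < (int)WHDRSIZE) {`. The new `"short packet from %s"` warning and the reworded port warning are logged once per offending datagram from an unauthenticated UDP sender, so a rate limit (or at least a comment noting the log-volume risk) would keep a noisy peer from filling the log. main()'s body begins and ends outside the hunk.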