Close the "IRC DCC" security breach reported recently on Bugtraq.
Submitted by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
parent
ebdcbc6744
commit
04c3e33949
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=82050
@ -236,6 +236,12 @@ AliasHandleIrcOut(struct ip *pip, /* IP packet to examine */
|
|||||||
true_addr.s_addr = htonl(org_addr);
|
true_addr.s_addr = htonl(org_addr);
|
||||||
destaddr.s_addr = 0;
|
destaddr.s_addr = 0;
|
||||||
|
|
||||||
|
/* Sanity/Security checking */
|
||||||
|
if (!org_addr || !org_port ||
|
||||||
|
pip->ip_src.s_addr != true_addr.s_addr ||
|
||||||
|
org_port < IPPORT_RESERVED)
|
||||||
|
goto lBAD_CTCP;
|
||||||
|
|
||||||
/* Steal the FTP_DATA_PORT - it doesn't really matter, and this
|
/* Steal the FTP_DATA_PORT - it doesn't really matter, and this
|
||||||
would probably allow it through at least _some_
|
would probably allow it through at least _some_
|
||||||
firewalls. */
|
firewalls. */
|
||||||
|
@ -236,6 +236,12 @@ AliasHandleIrcOut(struct ip *pip, /* IP packet to examine */
|
|||||||
true_addr.s_addr = htonl(org_addr);
|
true_addr.s_addr = htonl(org_addr);
|
||||||
destaddr.s_addr = 0;
|
destaddr.s_addr = 0;
|
||||||
|
|
||||||
|
/* Sanity/Security checking */
|
||||||
|
if (!org_addr || !org_port ||
|
||||||
|
pip->ip_src.s_addr != true_addr.s_addr ||
|
||||||
|
org_port < IPPORT_RESERVED)
|
||||||
|
goto lBAD_CTCP;
|
||||||
|
|
||||||
/* Steal the FTP_DATA_PORT - it doesn't really matter, and this
|
/* Steal the FTP_DATA_PORT - it doesn't really matter, and this
|
||||||
would probably allow it through at least _some_
|
would probably allow it through at least _some_
|
||||||
firewalls. */
|
firewalls. */
|
||||||
|
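Review bot: The guard added ahead of the FTP_DATA_PORT comment is labelled only `/* Sanity/Security checking */`, which does not tell a maintainer what each condition is there to stop. I would expand it to something like `/* Alias a DCC offer only if it names the sender's own address and a non-reserved port; anything else must not create an inbound mapping */`. The only port restriction is `org_port < IPPORT_RESERVED`, so a service on the sending host listening at or above that bound can still be mapped by a DCC string the client emits; that residual exposure is worth stating in the comment or the documentation. The declarations of `org_addr` and `org_port` and the `lBAD_CTCP` label lie outside the hunk, so I am assuming both values are in host byte order here, as the `htonl(org_addr)` just above suggests.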