1. Add IPv6 portrange restriction code (-U flag) to passive().

2. Add portrange restriction code (for both v4 and v6) to the EPSV processing stuff.
2000-05-25 19:30:18 +00:00 · 2000-05-25 19:30:18 +00:00 · 2db39860cf
commit 2db39860cf
parent a68f8b580f
1 changed files with 31 additions and 0 deletions
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@ -2345,6 +2345,16 @@ passive()
 		    goto pasv_error;
 	}
 #endif
+#ifdef IPV6_PORTRANGE
+	if (ctrl_addr.su_family == AF_INET6) {
+	    int on = restricted_data_ports ? IPV6_PORTRANGE_HIGH
+					   : IPV6_PORTRANGE_DEFAULT;
+
+	    if (setsockopt(pdata, IPPROTO_IPV6, IPV6_PORTRANGE,
+			    (char *)&on, sizeof(on)) < 0)
+		    goto pasv_error;
+	}
+#endif

 	pasv_addr = ctrl_addr;
 	pasv_addr.su_port = 0;
@ -2438,6 +2448,27 @@ long_passive(cmd, pf)
 	pasv_addr.su_port = 0;
 	len = pasv_addr.su_len;

+#ifdef IP_PORTRANGE
+	if (ctrl_addr.su_family == AF_INET) {
+	    int on = restricted_data_ports ? IP_PORTRANGE_HIGH
+					   : IP_PORTRANGE_DEFAULT;
+
+	    if (setsockopt(pdata, IPPROTO_IP, IP_PORTRANGE,
+			    (char *)&on, sizeof(on)) < 0)
+		    goto pasv_error;
+	}
+#endif
+#ifdef IPV6_PORTRANGE
+	if (ctrl_addr.su_family == AF_INET6) {
+	    int on = restricted_data_ports ? IPV6_PORTRANGE_HIGH
+					   : IPV6_PORTRANGE_DEFAULT;
+
+	    if (setsockopt(pdata, IPPROTO_IPV6, IPV6_PORTRANGE,
+			    (char *)&on, sizeof(on)) < 0)
+		    goto pasv_error;
+	}
+#endif
+
 	if (bind(pdata, (struct sockaddr *)&pasv_addr, len) < 0)
 		goto pasv_error;