Some patches for source routed packets from OpenBSD.
Rev 1.16 deraadt: do not warn about valid options; invalid options correctly quit
Rev 1.15 deraadt: need not clear options since bad ones cause exit; provos@ws1.physnet.uni-hamburg.de
Rev 1.14 deraadt: IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed out by provos@wserver.physnet.uni-hamburg.de. also another 1-char buffer overflow.
Reviewed by: Peter Wemm
Obtained from: OpenBSD
parent
2631d5a8d1
commit
70dc969961
@ -252,9 +252,8 @@ doit(f, fromp)
|
||||
}
|
||||
#ifdef IP_OPTIONS
|
||||
{
|
||||
u_char optbuf[BUFSIZ/3], *cp;
|
||||
char lbuf[BUFSIZ], *lp;
|
||||
int optsize = sizeof(optbuf), ipproto;
|
||||
u_char optbuf[BUFSIZ/3];
|
||||
int optsize = sizeof(optbuf), ipproto, i;
|
||||
struct protoent *ip;
|
||||
|
||||
if ((ip = getprotobyname("ip")) != NULL)
|
||||
@ -263,17 +262,18 @@ doit(f, fromp)
|
||||
ipproto = IPPROTO_IP;
|
||||
if (getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf,
|
||||
&optsize) == 0 && optsize != 0) {
|
||||
lp = lbuf;
|
||||
for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
|
||||
sprintf(lp, " %2.2x", *cp);
|
||||
syslog(LOG_NOTICE,
|
||||
"Connection received using IP options (ignored):%s",
|
||||
lbuf);
|
||||
if (setsockopt(0, ipproto, IP_OPTIONS,
|
||||
(char *)NULL, optsize) != 0) {
|
||||
syslog(LOG_ERR,
|
||||
"setsockopt IP_OPTIONS NULL: %m");
|
||||
exit(1);
|
||||
for (i = 0; i < optsize; ) {
|
||||
u_char c = optbuf[i];
|
||||
if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
|
||||
syslog(LOG_NOTICE,
|
||||
"Connection refused from %s with IP option %s",
|
||||
inet_ntoa(fromp->sin_addr),
|
||||
c == IPOPT_LSRR ? "LSRR" : "SSRR");
|
||||
exit(1);
|
||||
}
|
||||
if (c == IPOPT_EOL)
|
||||
break;
|
||||
i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
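Review bot: The option walk at `i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];` trusts the option's length byte without validating it. When `i` is the last returned byte, `optbuf[i+1]` is read past the data getsockopt() filled in, and a length byte of 0 never advances `i`, so the loop would spin instead of finishing the scan. The kernel normally validates received options, but since this loop is what decides whether a source-routed connection is refused, I would fail closed on a list it cannot parse: require `i + 1 < optsize` and a length of at least 2 before stepping, and refuse the connection otherwise. The page does not mark old and new lines, so I am reading the `for (i = 0; ...)` loop as the new side based on the commit message; doit() starts and ends outside this hunk.

```c
/* ... unchanged: LSRR/SSRR refusal and IPOPT_EOL break ... */
if (c == IPOPT_NOP) {
	i++;
	continue;
}
/* a real option needs a length byte covering at least type+length */
if (i + 1 >= optsize || optbuf[i + 1] < 2) {
	syslog(LOG_NOTICE,
	    "Connection refused from %s with malformed IP options",
	    inet_ntoa(fromp->sin_addr));
	exit(1);
}
i += optbuf[i + 1];
```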