Fix a bug in the hack that protects against FTP bounce attacks.

It used to loop back up to the accept() call and block there, shutting out all other transports until a new connection came in. Now it returns instead after dropping the connection. That will take it back to the select() loop where all transports can be serviced. I intend to MFC this within a day or two since it fixes a DoS vulnerability.
1999-11-17 01:54:17 +00:00 · 1999-11-17 01:54:17 +00:00 · 3776d08208
commit 3776d08208
parent 98a212df1f
1 changed files with 2 additions and 3 deletions
--- a/lib/libc/rpc/svc_tcp.c
+++ b/lib/libc/rpc/svc_tcp.c
@ -244,12 +244,11 @@ rendezvous_request(xprt)
 	       return (FALSE);
 	}
 	/*
-	 * XXX careful for ftp bounce attacks. If discovered, close the
-	 * socket and look for another connection.
+	 * Guard against FTP bounce attacks.
 	 */
 	if (addr.sin_port == htons(20)) {
 		close(sock);
-		goto again;
+		return (FALSE);
 	}
 	/*
 	 * make a new transporter (re-uses xprt)