|
Lines 161-166
check_ip_options(int sock, char *ipaddr)
|
| 161 |
u_int i; |
161 |
u_int i; |
| 162 |
int ipproto; |
162 |
int ipproto; |
| 163 |
struct protoent *ip; |
163 |
struct protoent *ip; |
|
|
164 |
u_int opt_iter; |
| 164 |
|
165 |
|
| 165 |
if ((ip = getprotobyname("ip")) != NULL) |
166 |
if ((ip = getprotobyname("ip")) != NULL) |
| 166 |
ipproto = ip->p_proto; |
167 |
ipproto = ip->p_proto; |
|
Lines 169-181
check_ip_options(int sock, char *ipaddr)
|
| 169 |
option_size = sizeof(options); |
170 |
option_size = sizeof(options); |
| 170 |
if (getsockopt(sock, ipproto, IP_OPTIONS, options, |
171 |
if (getsockopt(sock, ipproto, IP_OPTIONS, options, |
| 171 |
&option_size) >= 0 && option_size != 0) { |
172 |
&option_size) >= 0 && option_size != 0) { |
| 172 |
text[0] = '\0'; |
173 |
opt_iter = 0; |
| 173 |
for (i = 0; i < option_size; i++) |
174 |
do { |
| 174 |
snprintf(text + i*3, sizeof(text) - i*3, |
175 |
/* Fail, fatally, if we detect either loose or strict |
| 175 |
" %2.2x", options[i]); |
176 |
* source routing options. */ |
| 176 |
fatal("Connection from %.100s with IP options:%.800s", |
177 |
if (options[opt_iter] == 131 || |
| 177 |
ipaddr, text); |
178 |
options[opt_iter] == 137) |
|
|
179 |
goto fail; |
| 180 |
opt_iter += options[opt_iter + 1] + 2; |
| 181 |
} while (opt_iter < option_size); |
| 178 |
} |
182 |
} |
|
|
183 |
return; |
| 184 |
|
| 185 |
fail: |
| 186 |
text[0] = '\0'; |
| 187 |
for (i = 0; i < option_size; i++) |
| 188 |
snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", options[i]); |
| 189 |
fatal("Connection from %.100s with IP options:%.800s", ipaddr, text); |
| 179 |
#endif /* IP_OPTIONS */ |
190 |
#endif /* IP_OPTIONS */ |
| 180 |
} |
191 |
} |
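Review bot: The new option walker at new lines 174-181 advances with `opt_iter += options[opt_iter + 1] + 2;` without checking that `opt_iter + 1` is still below `option_size`, so a trailing one-octet option makes it read past the data getsockopt() returned. It also treats every option as type/length/data, whereas End-of-List (0) and No-Operation (1) are single octets with no length field, and under RFC 791 the length octet already counts the type and length octets, so adding 2 over-steps. Either error desynchronises the walk from the real option boundaries, which means a 131 or 137 option later in the buffer can be missed, where the old code rejected any options at all. I would bound each step, handle the one-octet options explicitly, advance by the length octet itself, and fail closed on a malformed length, as sketched below. The declarations of `options`, `text` and `option_size` are outside the visible lines, so the casts assume a byte buffer.

```c
opt_iter = 0;
while (opt_iter < option_size) {
	u_int opt_type = (u_char)options[opt_iter];
	u_int opt_len;

	/* Fail, fatally, on loose (131) or strict (137) source routing. */
	if (opt_type == 131 || opt_type == 137)
		goto fail;
	if (opt_type == 0)		/* End of Option List */
		break;
	if (opt_type == 1) {		/* No-Operation: single octet */
		opt_iter++;
		continue;
	}
	/* The length octet must exist; it counts type + length + data. */
	if (opt_iter + 1 >= option_size)
		goto fail;
	opt_len = (u_char)options[opt_iter + 1];
	if (opt_len < 2 || opt_len > option_size - opt_iter)
		goto fail;		/* malformed: reject rather than guess */
	opt_iter += opt_len;
}
/* … unchanged: return, then the fail: label with the hex dump and fatal() … */
```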
| 181 |
|
192 |
|