Attachment 1691 Details for Bug 1644 – Patch solving the problem

[patch] Patch solving the problem

ip-opts.patch (text/plain), 1.31 KB, created by jchadima on 2009-09-01 21:30:51 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: jchadima

Created: 2009-09-01 21:30:51 AEST

Size: 1.31 KB

patch

obsolete

>diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c
>--- openssh-5.2p1/canohost.c.ip-opts	2009-02-14 06:28:21.000000000 +0100
>+++ openssh-5.2p1/canohost.c	2009-08-12 23:24:20.245129060 +0200
>@@ -161,6 +161,7 @@ check_ip_options(int sock, char *ipaddr)
> 	u_int i;
> 	int ipproto;
> 	struct protoent *ip;
>+	u_int opt_iter;
> 
> 	if ((ip = getprotobyname("ip")) != NULL)
> 		ipproto = ip->p_proto;
>@@ -169,13 +170,23 @@ check_ip_options(int sock, char *ipaddr)
> 	option_size = sizeof(options);
> 	if (getsockopt(sock, ipproto, IP_OPTIONS, options,
> 	    &option_size) >= 0 && option_size != 0) {
>-		text[0] = '\0';
>-		for (i = 0; i < option_size; i++)
>-			snprintf(text + i*3, sizeof(text) - i*3,
>-			    " %2.2x", options[i]);
>-		fatal("Connection from %.100s with IP options:%.800s",
>-		    ipaddr, text);
>+		opt_iter = 0;
>+		do {
>+			/* Fail, fatally, if we detect either loose or strict
>+			 * source routing options. */
>+			if (options[opt_iter] == 131 ||
>+			    options[opt_iter] == 137)
>+				goto fail;
>+			opt_iter += options[opt_iter + 1] + 2;
>+		} while (opt_iter < option_size);
> 	}
>+	return;
>+
>+fail:
>+	text[0] = '\0';
>+	for (i = 0; i < option_size; i++)
>+		snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", options[i]);
>+	fatal("Connection from %.100s with IP options:%.800s", ipaddr, text);
> #endif /* IP_OPTIONS */
> }
>

Actions: View | Diff

Attachments on bug 1644: 1691 | 1693 | 2824