Attachment #1693 for bug #1644




	option_size = sizeof(options);
	if (getsockopt(sock, ipproto, IP_OPTIONS, options,
	    &option_size) >= 0 && option_size != 0) {
		i = 0;
		do {
			switch (options[i]) {
				case 0:
				case 1:
					++i;
					break;
				case 131:
				case 137:
				/* Fail, fatally, if we detect either loose or strict
			 	 * source routing options. */
					text[0] = '\0';
					for (i = 0; i < option_size; i++)
						snprintf(text + i*3, sizeof(text) - i*3,
							" %2.2x", options[i]);
					fatal("Connection from %.100s with IP options:%.800s",
						ipaddr, text);
				default:
					i += options[i + 1];
			}
		} while (i < option_size);
	}
#endif /* IP_OPTIONS */
}

Return to bug 1644

Lines 169-180 check_ip_options(int sock, char *ipaddr) Link Here

(-)openssh-5.2p1/canohost.c.ip-opts (-6 / +21 lines)
169	option_size = sizeof(options);	169	option_size = sizeof(options);
170	if (getsockopt(sock, ipproto, IP_OPTIONS, options,	170	if (getsockopt(sock, ipproto, IP_OPTIONS, options,
171	&option_size) >= 0 && option_size != 0) {	171	&option_size) >= 0 && option_size != 0) {
172	text[0] = '\0';	172	i = 0;
173	for (i = 0; i < option_size; i++)	173	do {
174	snprintf(text + i3, sizeof(text) - i3,	174	switch (options[i]) {
175	" %2.2x", options[i]);	175	case 0:
176	fatal("Connection from %.100s with IP options:%.800s",	176	case 1:
177	ipaddr, text);	177	++i;
		178	break;
		179	case 131:
		180	case 137:
		181	/* Fail, fatally, if we detect either loose or strict
		182	* source routing options. */
		183	text[0] = '\0';
		184	for (i = 0; i < option_size; i++)
		185	snprintf(text + i3, sizeof(text) - i3,
		186	" %2.2x", options[i]);
		187	fatal("Connection from %.100s with IP options:%.800s",
		188	ipaddr, text);
		189	default:
		190	i += options[i + 1];
		191	}
		192	} while (i < option_size);
178	}	193	}
179	#endif /* IP_OPTIONS */	194	#endif /* IP_OPTIONS */
180	}	195	}