Bugzilla – Attachment 2824 Details for Bug 1644: Allow ip options except source routing
[patch] Whitelist of safe options
openssh-6.6p1-allow-ip-opts.patch (text/plain), 1.06 KB, created by Jakub Jelen on 2016-06-04 00:05:22 AEST
>diff --git a/canohost.c b/canohost.c >index a61a8c9..97ce58c 100644 >--- a/canohost.c >+++ b/canohost.c >@@ -165,12 +165,29 @@ check_ip_options(int sock, char *ipaddr) > option_size = sizeof(options); > if (getsockopt(sock, ipproto, IP_OPTIONS, options, > &option_size) >= 0 && option_size != 0) { >- text[0] = '\0'; >- for (i = 0; i < option_size; i++) >- snprintf(text + i*3, sizeof(text) - i*3, >- " %2.2x", options[i]); >- fatal("Connection from %.100s with IP options:%.800s", >- ipaddr, text); >+ i = 0; >+ do { >+ switch (options[i]) { >+ case 0: >+ case 1: >+ ++i; >+ break; >+ case 130: >+ case 133: >+ case 134: >+ i += options[i + 1]; >+ break; >+ default: >+ /* Fail, fatally, if we detect either loose or strict >+ * source routing options. */ >+ text[0] = '\0'; >+ for (i = 0; i < option_size; i++) >+ snprintf(text + i*3, sizeof(text) - i*3, >+ " %2.2x", options[i]); >+ fatal("Connection from %.100s with IP options:%.800s", >+ ipaddr, text); >+ } >+ } while (i < option_size); > } > #endif /* IP_OPTIONS */ > }
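Review bot: In the `case 130: case 133: case 134:` branch, `i += options[i + 1]` uses a length byte taken from the received options without validating it. If that byte is 0, `i` never advances and the `do { ... } while (i < option_size)` loop does not terminate; if the option type is the last byte in the buffer, `options[i + 1]` is read beyond `option_size`. Before advancing, check that `i + 1 < option_size`, that the length is at least 2, and that `i + options[i + 1] <= option_size`, and treat any violation like the `default:` case. Two smaller points: the comment in `default:` says the code fails on loose or strict source routing, but that branch rejects every option type not explicitly listed, so the comment should describe it as a whitelist; and the bare values 0, 1, 130, 133 and 134 would be easier to audit with named constants or a short comment identifying each option. Since `case 0:` only does `++i`, the loop also keeps interpreting bytes after an end-of-list marker as options; consider stopping the walk there.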
Attachments on bug 1644: 1691 | 1693 | 2824