summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFederico G. Schwindt <fgsch@cvs.openbsd.org>2001-04-02 09:12:44 +0000
committerFederico G. Schwindt <fgsch@cvs.openbsd.org>2001-04-02 09:12:44 +0000
commit63a05e086a56ff9371430a3db2fe2ced8874460a (patch)
tree4ec4fe908fcca5b2accae54ed0551f8e971d7d72
parentbd9613954f098a85a947820ebcd896de8bcdac3a (diff)
Security fix; discard short packets.
-rw-r--r--usr.sbin/timed/timedc/cmds.c31
1 files changed, 22 insertions, 9 deletions
diff --git a/usr.sbin/timed/timedc/cmds.c b/usr.sbin/timed/timedc/cmds.c
index d85078513bf..2410da4c986 100644
--- a/usr.sbin/timed/timedc/cmds.c
+++ b/usr.sbin/timed/timedc/cmds.c
@@ -36,7 +36,7 @@ static char sccsid[] = "@(#)cmds.c 5.1 (Berkeley) 5/11/93";
#endif /* not lint */
#ifdef sgi
-#ident "$Revision: 1.4 $"
+#ident "$Revision: 1.5 $"
#endif
#include "timedc.h"
@@ -89,7 +89,7 @@ daydiff(char *hostname)
int trials;
struct timeval tout, now;
fd_set ready;
- struct sockaddr from;
+ struct sockaddr_in from;
int fromlen;
unsigned long sec;
@@ -122,7 +122,7 @@ daydiff(char *hostname)
fromlen = sizeof(from);
if (recvfrom(sock,&sec,sizeof(sec),0,
- &from,&fromlen) < 0) {
+ (struct sockaddr *)&from,&fromlen) < 0) {
perror("recvfrom(date read)");
return 0;
}
@@ -275,7 +275,7 @@ msite(int argc, char *argv[])
fd_set ready;
struct sockaddr_in dest;
int i, length;
- struct sockaddr from;
+ struct sockaddr_in from;
struct timeval tout;
struct tsp msg;
struct servent *srvp;
@@ -324,13 +324,21 @@ msite(int argc, char *argv[])
FD_SET(sock, &ready);
if (select(FD_SETSIZE, &ready, (fd_set *)0, (fd_set *)0,
&tout)) {
- length = sizeof(struct sockaddr);
+ length = sizeof(from);
cc = recvfrom(sock, &msg, sizeof(struct tsp), 0,
- &from, &length);
+ (struct sockaddr *)&from, &length);
if (cc < 0) {
perror("recvfrom");
continue;
}
+ if (cc < sizeof(struct tsp)) {
+ fprintf(stderr,
+ "short packet (%u/%u bytes) from %s\n",
+ cc, sizeof(struct tsp),
+ inet_ntoa(from.sin_addr));
+ continue;
+ }
+ bytehostorder(&msg);
bytehostorder(&msg);
if (msg.tsp_type == TSP_ACK) {
printf("master timedaemon at %s is %s\n",
@@ -416,7 +424,7 @@ tracing(int argc, char *argv[])
int cc;
fd_set ready;
struct sockaddr_in dest;
- struct sockaddr from;
+ struct sockaddr_in from;
struct timeval tout;
struct tsp msg;
struct servent *srvp;
@@ -461,13 +469,18 @@ tracing(int argc, char *argv[])
FD_ZERO(&ready);
FD_SET(sock, &ready);
if (select(FD_SETSIZE, &ready, (fd_set *)0, (fd_set *)0, &tout)) {
- length = sizeof(struct sockaddr);
+ length = sizeof(from);
cc = recvfrom(sock, &msg, sizeof(struct tsp), 0,
- &from, &length);
+ (struct sockaddr *)&from, &length);
if (cc < 0) {
perror("recvfrom");
return;
}
+ if (cc < sizeof(struct tsp)) {
+ fprintf(stderr, "short packet (%u/%u bytes) from %s\n",
+ cc, sizeof(struct tsp), inet_ntoa(from.sin_addr));
+ return;
+ }
bytehostorder(&msg);
if (msg.tsp_type == TSP_ACK)
if (onflag)