diff options
| author | brian <brian@cvs.openbsd.org> | 2001-09-13 10:32:57 +0000 |
|---|---|---|
| committer | brian <brian@cvs.openbsd.org> | 2001-09-13 10:32:57 +0000 |
| commit | 6f59a53aada4d82c128907d2445ad02a7279a9d8 (patch) | |
| tree | 045825ef9857866cee49c352a990ffbfc7f63077 | |
| parent | 604962c013f7dd73868ccaf5fdf3cbdf52aa99b1 (diff) | |
Be a bit more paranoid about CTCP traffic; FreeBSD
| -rw-r--r-- | usr.sbin/ppp/ppp/alias_irc.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.sbin/ppp/ppp/alias_irc.c b/usr.sbin/ppp/ppp/alias_irc.c index e21f4b34e02..17a7f5ef319 100644 --- a/usr.sbin/ppp/ppp/alias_irc.c +++ b/usr.sbin/ppp/ppp/alias_irc.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: alias_irc.c,v 1.8 2001/08/21 04:09:16 brian Exp $ + * $OpenBSD: alias_irc.c,v 1.9 2001/09/13 10:32:56 brian Exp $ */ /* Alias_irc.c intercepts packages contain IRC CTCP commands, and @@ -236,6 +236,12 @@ lFOUND_CTCP: true_addr.s_addr = htonl(org_addr); destaddr.s_addr = 0; + /* Sanity/Security checking */ + if (!org_addr || !org_port || + pip->ip_src.s_addr != true_addr.s_addr || + org_port < IPPORT_RESERVED) + goto lBAD_CTCP; + /* Steal the FTP_DATA_PORT - it doesn't really matter, and this would probably allow it through at least _some_ firewalls. */ |