author | Darren Tucker <dtucker@cvs.openbsd.org> | 2005-10-30 08:29:30 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2005-10-30 08:29:30 +0000 |
commit | fe031a5521facc77367088d9384ba6d6cdb66c10 (patch) | |
tree | a7331af66a0047f2fa8ec52d48a5eb81f97638a9 | |
parent | eae4849a2712ab9facdd528678ae7c33568cbcfb (diff) |
Check for connections with IP options earlier and drop silently. ok djm@
-rw-r--r-- | usr.bin/ssh/canohost.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 9 |
2 files changed, 9 insertions, 6 deletions
diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c
index f3296ceecd9..2c3375014f9 100644
--- a/usr.bin/ssh/canohost.c
+++ b/usr.bin/ssh/canohost.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.45 2005/10/03 07:44:42 dtucker Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.46 2005/10/30 08:29:29 dtucker Exp $");
 #include "packet.h"
 #include "xmalloc.h"
@@ -152,9 +152,7 @@ check_ip_options(int sock, char *ipaddr)
 for (i = 0; i < option_size; i++) snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", options[i]);
- logit("Connection from %.100s with IP options:%.800s",
- ipaddr, text);
- packet_disconnect("Connection from %.100s with IP options:%.800s",
+ fatal("Connection from %.100s with IP options:%.800s",
 ipaddr, text);
 }
 }
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 97342822cd2..58acf57f8f5 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1571,7 +1571,12 @@ main(int ac, char **av)
 debug("get_remote_port failed");
 cleanup_exit(255);
 }
- remote_ip = get_remote_ipaddr();
+
+ /*
+ * We use get_canonical_hostname with usedns = 0 instead of
+ * get_remote_ipaddr here so IP options will be checked.
+ */
+ remote_ip = get_canonical_hostname(0);
 #ifdef LIBWRAP
 /* Check whether logins are denied from this host. */ |
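Review bot: The `fatal(` call in the canohost.c hunk turns check_ip_options into a function that ends the process and, with packet_disconnect removed, sends the peer nothing, yet no comment in the code records either fact. A one-line comment above the call, for example `/* Log and exit without sending a disconnect message to the peer. */`, would stop a later reader from restoring the disconnect as an apparent omission. The logged `text` is built only from `%2.2x` hex pairs, so the peer-supplied option bytes cannot inject log content, but whether the buffer is large enough depends on the declarations of `options` and `text`, which are outside this hunk. check_ip_options begins before the hunk.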
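Review bot: At `remote_ip = get_canonical_hostname(0);` in the sshd.c hunk, the IP-options check runs only as a side effect of a lookup call, so nothing at the call site shows that this line may never return. The new comment explains why this function was chosen over get_remote_ipaddr but not that consequence; I would add a line to it such as ` * This call does not return if the peer set IP options.`. Presumably get_canonical_hostname(0) yields the same numeric address string that get_remote_ipaddr did, which the LIBWRAP check just below relies on; that should be confirmed against canohost.c, since the lookup path is not part of this diff. main() begins and ends outside the hunk.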