authorDarren Tucker <dtucker@cvs.openbsd.org>2005-10-30 08:29:30 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2005-10-30 08:29:30 +0000
commitfe031a5521facc77367088d9384ba6d6cdb66c10 (patch)
treea7331af66a0047f2fa8ec52d48a5eb81f97638a9
parenteae4849a2712ab9facdd528678ae7c33568cbcfb (diff)
Check for connections with IP options earlier and drop silently. ok djm@
-rw-r--r--usr.bin/ssh/canohost.c6
-rw-r--r--usr.bin/ssh/sshd.c9
2 files changed, 9 insertions, 6 deletions
diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c
index f3296ceecd9..2c3375014f9 100644
--- a/usr.bin/ssh/canohost.c
+++ b/usr.bin/ssh/canohost.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.45 2005/10/03 07:44:42 dtucker Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.46 2005/10/30 08:29:29 dtucker Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -152,9 +152,7 @@ check_ip_options(int sock, char *ipaddr)
for (i = 0; i < option_size; i++)
snprintf(text + i*3, sizeof(text) - i*3,
" %2.2x", options[i]);
- logit("Connection from %.100s with IP options:%.800s",
- ipaddr, text);
- packet_disconnect("Connection from %.100s with IP options:%.800s",
+ fatal("Connection from %.100s with IP options:%.800s",
ipaddr, text);
}
}
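Review bot: The new `fatal(...)` call in check_ip_options has no comment recording that the peer is now dropped without a disconnect message, which is the intent stated in the commit message. A one-line comment above it would keep a later reader from restoring the protocol-level disconnect: `/* Drop silently: log locally, send nothing to the peer. */`. The logged `text` is built from peer-supplied option bytes, but the loop above hex-encodes it and `%.800s` bounds it, so the message itself looks safe to log. This path is reachable before authentication and presumably now logs at a higher severity than the old `logit` call, so it is worth confirming that alerting on such connections is intended. The function body starts outside the hunk, so the sizes of `text` and `options` cannot be checked from here.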
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 97342822cd2..58acf57f8f5 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -1571,7 +1571,12 @@ main(int ac, char **av)
debug("get_remote_port failed");
cleanup_exit(255);
}
- remote_ip = get_remote_ipaddr();
+
+ /*
+ * We use get_canonical_hostname with usedns = 0 instead of
+ * get_remote_ipaddr here so IP options will be checked.
+ */
+ remote_ip = get_canonical_hostname(0);
#ifdef LIBWRAP
/* Check whether logins are denied from this host. */