diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-08-04 12:58:27 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1996-08-04 12:58:27 +0000 |
| commit | f7488d4536d197f9abacdcbda2f34a2d74521665 (patch) | |
| tree | 49fe7887391fb69d0deab130a86ef3f0b77a8f66 /usr.bin/sup | |
| parent | 40519ed81c846b52541a81347f30862d84acf3de (diff) | |
ftp bounce protection
Diffstat (limited to 'usr.bin/sup')
| -rw-r--r-- | usr.bin/sup/src/scm.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/usr.bin/sup/src/scm.c b/usr.bin/sup/src/scm.c index e08121584a5..d3a01f83d84 100644 --- a/usr.bin/sup/src/scm.c +++ b/usr.bin/sup/src/scm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scm.c,v 1.2 1996/06/26 05:39:47 deraadt Exp $ */ +/* $OpenBSD: scm.c,v 1.3 1996/08/04 12:58:26 deraadt Exp $ */ /* * Copyright (c) 1992 Carnegie Mellon University @@ -71,6 +71,9 @@ * since Tahoe version of <netinet/in.h> does not define them. * * $Log: scm.c,v $ + * Revision 1.3 1996/08/04 12:58:26 deraadt + * ftp bounce protection + * * Revision 1.2 1996/06/26 05:39:47 deraadt * rcsid * @@ -280,6 +283,7 @@ service () struct sockaddr_in from; int x,len; +again: remotename = NULL; len = sizeof (from); do { @@ -287,6 +291,12 @@ service () } while (netfile < 0 && errno == EINTR); if (netfile < 0) return (scmerr (errno,"Can't accept connections")); + + /* protection against ftp bounce attack */ + if (from.sin_port == htons(20)) { + close(netfile); + goto again; + } remoteaddr = from.sin_addr; if (read(netfile,(char *)&x,sizeof(int)) != sizeof(int)) return (scmerr (errno,"Can't transmit data on connection")); |