authorTheo de Raadt <deraadt@cvs.openbsd.org>1996-09-21 07:56:32 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1996-09-21 07:56:32 +0000
commit21f56891f2decfb088a9909fac292495249a2e59 (patch)
tree5411e52a5344396c6fb3a3047e5c244ab52d09a0 /usr.sbin
parentc1ddfab92295e96e242b855d07a1078cd111affc (diff)
oflow protection, ftp bounce protection, dns spoof protection
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/lpr/lpd/lpd.c23
1 files changed, 21 insertions, 2 deletions
diff --git a/usr.sbin/lpr/lpd/lpd.c b/usr.sbin/lpr/lpd/lpd.c
index 00c3961a83c..37f3fcb30e0 100644
--- a/usr.sbin/lpr/lpd/lpd.c
+++ b/usr.sbin/lpr/lpd/lpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lpd.c,v 1.6 1996/08/07 00:20:49 deraadt Exp $ */
+/* $OpenBSD: lpd.c,v 1.7 1996/09/21 07:56:31 deraadt Exp $ */
/* $NetBSD: lpd.c,v 1.7 1996/04/24 14:54:06 mrg Exp $ */
/*
@@ -253,6 +253,10 @@ main(argc, argv)
domain = AF_INET, fromlen = sizeof(frominet);
s = accept(finet,
(struct sockaddr *)&frominet, &fromlen);
+ if (frominet.s_port == 20) {
+ close(s);
+ continue;
+ }
}
if (s < 0) {
if (errno != EINTR)
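Review bot: The added bounce check reads `frominet.s_port`, but chkhost in this same file accesses the peer address as a sockaddr_in via `f->sin_port`, so the member here should be `sin_port`; as written the test looks like it will not compile. The port is also held in network byte order, so a plain `== 20` would not match on little-endian hosts. The check runs before the `if (s < 0)` test below, so after a failed accept() it inspects an unfilled `frominet` and may call `close(-1)`. `if (s >= 0 && frominet.sin_port == htons(20)) {` covers all three. The declaration of `frominet` and the rest of main are outside the hunk, so its type is inferred from the cast and the AF_INET assignment.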
@@ -503,6 +507,7 @@ chkhost(f)
register FILE *hostf;
int first = 1;
extern char *inet_ntoa();
+ int good = 0;
f->sin_port = ntohs(f->sin_port);
if (f->sin_family != AF_INET || f->sin_port >= IPPORT_RESERVED ||
@@ -516,10 +521,24 @@ chkhost(f)
fatal("Host name for your address (%s) unknown",
inet_ntoa(f->sin_addr));
- (void) strncpy(fromb, hp->h_name, sizeof(fromb));
+ (void) strncpy(fromb, hp->h_name, sizeof(fromb)-1);
from[sizeof(fromb) - 1] = '\0';
from = fromb;
+ /* Check for spoof, ala rlogind */
+ hp = gethostbyname(fromb);
+ if (!hp)
+ fatal("hostname for your address (%s) unknown",
+ inet_ntoa(f->sin_addr));
+ for (; good == 0 && hp->h_addr_list[0] != NULL; hp->h_addr_list++) {
+ if (!bcmp(hp->h_addr_list[0], (caddr_t)&f->sin_addr,
+ sizeof(f->sin_addr)))
+ good = 1;
+ }
+ if (good == 0)
+ fatal("address for your hostname (%s) not matched",
+ inet_ntoa(f->sin_addr));
+
hostf = fopen(_PATH_HOSTSEQUIV, "r");
again:
if (hostf) {
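Review bot: The terminator after the bounded copy is still written through `from`, which is only pointed at `fromb` on the following line, so the new `sizeof(fromb)-1` bound does not by itself guarantee that `fromb` is NUL-terminated before `gethostbyname(fromb)` reads it; the line should be `fromb[sizeof(fromb) - 1] = '\0';`. What `from` points to at that moment is not visible in the hunk, so the write may land in a different buffer. In the spoof check, the loop advances `hp->h_addr_list` itself, which modifies the hostent returned by the resolver; a local `char **ap` cursor would avoid that. Checking `hp->h_length == sizeof(f->sin_addr)` before the `bcmp` would keep the comparison within each address entry. chkhost's body starts and ends outside the hunk.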