authorTheo de Raadt <deraadt@cvs.openbsd.org>1997-04-04 09:07:06 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1997-04-04 09:07:06 +0000
commit12bd10efb1fdc2ce4794da32c1cf995df62e2c7b (patch)
tree752d5d2e2be7c0b0923c31d093f6d958abeb8783 /usr.sbin
parent0d68689e275b89a4a6df804d976ab7d653809225 (diff)
blow away source routed sockets
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/named/named/ns_main.c31
1 files changed, 27 insertions, 4 deletions
diff --git a/usr.sbin/named/named/ns_main.c b/usr.sbin/named/named/ns_main.c
index df4a0e306dd..736b59bf112 100644
--- a/usr.sbin/named/named/ns_main.c
+++ b/usr.sbin/named/named/ns_main.c
@@ -1,11 +1,11 @@
-/* $OpenBSD: ns_main.c,v 1.3 1997/03/12 10:42:31 downsj Exp $ */
+/* $OpenBSD: ns_main.c,v 1.4 1997/04/04 09:07:05 deraadt Exp $ */
#if !defined(lint) && !defined(SABER)
#if 0
static char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91";
static char rcsid[] = "$From: ns_main.c,v 8.24 1996/11/26 10:11:22 vixie Exp $";
#else
-static char rcsid[] = "$OpenBSD: ns_main.c,v 1.3 1997/03/12 10:42:31 downsj Exp $";
+static char rcsid[] = "$OpenBSD: ns_main.c,v 1.4 1997/04/04 09:07:05 deraadt Exp $";
#endif
#endif /* not lint */
@@ -90,7 +90,10 @@ char copyright[] =
#endif
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <netinet/in_systm.h>
#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip_var.h>
#if defined(__osf__)
# include <sys/mbuf.h>
# include <net/route.h>
@@ -193,7 +196,7 @@ main(argc, argv, envp)
FILE *fp; /* file descriptor for pid file */
#endif
#ifdef IP_OPTIONS
- u_char ip_opts[50]; /* arbitrary size */
+ struct ipoption ip_opts;
#endif
#ifdef RLIMIT_NOFILE
struct rlimit rl;
@@ -742,14 +745,32 @@ main(argc, argv, envp)
#if defined(IP_OPTIONS)
len = sizeof ip_opts;
if (getsockopt(rfd, IPPROTO_IP, IP_OPTIONS,
- (char *)ip_opts, &len) < 0) {
+ (char *)&ip_opts, &len) < 0) {
syslog(LOG_INFO,
"getsockopt(rfd, IP_OPTIONS): %m");
(void) my_close(rfd);
continue;
}
if (len != 0) {
+ int i;
+
nameserIncr(from_addr.sin_addr, nssRcvdOpts);
+ /* any socket with an LSRR or SSRR option
+ * must be killed immediately or it can be
+ * tcp sequenced */
+ for (i = 0; (void *)&ip_opts.ipopt_list[i] -
+ (void *)&ip_opts < len && rfd != -1; ) {
+ u_char c = (u_char)ip_opts.ipopt_list[i];
+ if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
+ my_close(rfd);
+ rfd = -1;
+ break;
+ }
+ if (c == IPOPT_EOL)
+ break;
+ i += (c == IPOPT_NOP) ? 1 :
+ (u_char)ip_opts.ipopt_list[i+1];
+ }
if (!haveComplained((char*)
from_addr.sin_addr.s_addr,
"rcvd ip options")) {
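Review bot: The option walk trusts the option length byte at `i += (c == IPOPT_NOP) ? 1 : (u_char)ip_opts.ipopt_list[i+1];`. A length of 0 never advances `i`, so the loop would spin forever in named's connection-accept path. The byte at `i+1` is also read without checking that it lies inside the `len` bytes getsockopt() returned. The kernel has probably validated these options already, but the daemon should not depend on that; stop the walk when the length byte is missing or smaller than 2. The loop bound also subtracts `void *` pointers, which is a GNU extension, where `char *` arithmetic is portable. The enclosing loop in `main()` starts and ends outside this hunk and the declaration of `len` is not visible, so the sketch below assumes it is an `int`.

```c
	int i, optlen, listlen;

	/* … unchanged: nameserIncr() call and the LSRR/SSRR comment … */
	/* bytes of option data after the leading ipopt_dst field */
	listlen = len - (int)((char *)ip_opts.ipopt_list - (char *)&ip_opts);
	for (i = 0; i < listlen && rfd != -1; ) {
		u_char c = (u_char)ip_opts.ipopt_list[i];

		if (c == IPOPT_LSRR || c == IPOPT_SSRR) {
			my_close(rfd);
			rfd = -1;
			break;
		}
		if (c == IPOPT_EOL)
			break;
		if (c == IPOPT_NOP) {
			i++;
			continue;
		}
		/* need a length byte inside the buffer, covering type + length */
		if (i + 1 >= listlen)
			break;
		optlen = (u_char)ip_opts.ipopt_list[i + 1];
		if (optlen < 2)
			break;
		i += optlen;
	}
	/* … unchanged: haveComplained() / syslog() … */
```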
@@ -758,6 +779,8 @@ main(argc, argv, envp)
inet_ntoa(from_addr.sin_addr),
ntohs(from_addr.sin_port));
}
+ if (rfd == -1) /* LSRR or SSRR killed it */
+ continue;
if (setsockopt(rfd, IPPROTO_IP, IP_OPTIONS,
NULL, 0) < 0) {
syslog(LOG_INFO,
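Review bot: The new `if (rfd == -1) continue;` drops a source-routed connection without leaving a log record of its own. The only trace appears to be the generic "rcvd ip options" complaint above it, which haveComplained() looks to suppress on repeats from the same address (the syslog text itself sits between the hunks and is not visible here). Someone reading the logs then cannot tell a connection closed for LSRR/SSRR from one whose options were merely cleared. Consider logging the drop before continuing, e.g. `if (rfd == -1) { syslog(LOG_INFO, "closed source-routed connection from [%s].%d", inet_ntoa(from_addr.sin_addr), ntohs(from_addr.sin_port)); continue; }`. The surrounding block of `main()` continues past the end of this hunk.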