authorjoshd <joshd@cvs.openbsd.org>1996-07-28 05:13:20 +0000
committerjoshd <joshd@cvs.openbsd.org>1996-07-28 05:13:20 +0000
commit0c712494a144b27a880799b0cd79be293f092185 (patch)
treee639e10bcfb0abc4dbf9a90512a9279855f9a5d6 /usr.sbin
parent0a66eee12b9cc1b7d3d550235f37dd012b5d30f1 (diff)
Do not allow hosts to connect to servers from
source ports < IPPORT_RESERVED/2. This is to guard against ftp bounce attacks.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/inetd/inetd.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index d854d591cd0..b3963bc1f79 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: inetd.c,v 1.6 1996/06/29 01:02:24 deraadt Exp $ */
+/* $OpenBSD: inetd.c,v 1.7 1996/07/28 05:13:19 joshd Exp $ */
/* $NetBSD: inetd.c,v 1.11 1996/02/22 11:14:41 mycroft Exp $ */
/*
* Copyright (c) 1983,1991 The Regents of the University of California.
@@ -41,7 +41,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)inetd.c 5.30 (Berkeley) 6/3/91";*/
-static char rcsid[] = "$OpenBSD: inetd.c,v 1.6 1996/06/29 01:02:24 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: inetd.c,v 1.7 1996/07/28 05:13:19 joshd Exp $";
#endif /* not lint */
/*
@@ -275,8 +275,9 @@ main(argc, argv, envp)
register struct group *grp;
register int tmpint;
struct sigvec sv;
- int ch, pid, dofork;
+ int ch, pid, dofork, plen;
char buf[50];
+ struct sockaddr_in peer;
Argv = argv;
if (envp == 0 || *envp == 0)
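Review bot: `peer` is declared as a `struct sockaddr_in` and `plen` as a plain `int`, so the check added further down reads `peer.sin_port` on the assumption that every accepted stream socket is AF_INET. If inetd can also accept connections for other address families (not visible in these hunks), that field would be meaningless there, and guarding the port test with `peer.sin_family == AF_INET` would make the assumption explicit. Both variables are used only in the accept branch, so a short comment on the declaration such as `/* peer address of the accepted connection, for source-port filtering */` would help. main()'s body extends well beyond this hunk.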
@@ -380,6 +381,16 @@ main(argc, argv, envp)
sep->se_service);
continue;
}
+ plen = sizeof(peer);
+ if (getpeername(ctrl, (struct sockaddr *)&peer, &plen) < 0)
+ { syslog(LOG_WARNING, "could not getpeername");
+ continue;
+ }
+ if (ntohs(peer.sin_port) == 20)
+ { syslog(LOG_INFO, "Connect to %s from port %d",
+ sep->se_service, ntohs(peer.sin_port));
+ continue;
+ }
} else
ctrl = sep->se_fd;
(void) sigblock(SIGBLOCK);
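Review bot: Both new `continue` paths leave `ctrl` open. The context just above the added block looks like the tail of the accept() error handling (the call itself is outside the hunk), so at this point `ctrl` appears to be a freshly accepted descriptor. Skipping it without closing leaks one descriptor per rejected connection and leaves the peer hanging, which turns the filter into a descriptor-exhaustion risk for inetd; I would add `(void) close(ctrl);` before each `continue`. The test `ntohs(peer.sin_port) == 20` is also narrower than the commit message, which says source ports `< IPPORT_RESERVED/2` are refused, so either the condition or the description should change, and the bare 20 deserves a comment naming it as the ftp-data port. For detection, the `LOG_INFO` line would be more useful if it recorded the peer address as well as the port.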