-rw-r--r-- | libexec/ftpd/ftpcmd.y | 21 | ||||
-rw-r--r-- | libexec/ftpd/ftpd.8 | 12 | ||||
-rw-r--r-- | libexec/ftpd/ftpd.c | 9 |
3 files changed, 33 insertions, 9 deletions
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index d28d5879e46..87e286645f0 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -88,6 +88,8 @@ extern char proctitle[];
 extern int usedefault;
 extern int transflag;
 extern char tmpline[];
+extern int portcheck;
+extern struct sockaddr_in his_addr;
 off_t restart_point;
@@ -158,12 +160,21 @@ cmd
 | PORT check_login SP host_port CRLF
 {
 if ($2) {
- usedefault = 0;
- if (pdata >= 0) {
- (void) close(pdata);
- pdata = -1;
+ if (portcheck && (ntohs(data_dest.sin_port) <
+ IPPORT_RESERVED ||
+ memcmp(&data_dest.sin_addr,
+ &his_addr.sin_addr,
+ sizeof data_dest.sin_addr))) {
+ usedefault = 1;
+ reply(500, "Illegal PORT rejected.");
+ } else {
+ usedefault = 0;
+ if (pdata >= 0) {
+ (void) close(pdata);
+ pdata = -1;
+ }
+ reply(200, "PORT command successful.");
 }
- reply(200, "PORT command successful.");
 }
 }
 | PASV check_login CRLF
diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8
index c4a39ef11f6..616172747e7 100644
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ftpd.8,v 1.12 1997/05/01 14:45:36 deraadt Exp $
+.\" $OpenBSD: ftpd.8,v 1.13 1997/12/12 08:55:09 deraadt Exp $
 .\" $NetBSD: ftpd.8,v 1.8 1996/01/14 20:55:23 thorpej Exp $
 .\"
 .\" Copyright (c) 1985, 1988, 1991, 1993
@@ -43,7 +43,7 @@ Internet File Transfer Protocol server
 .Sh SYNOPSIS
 .Nm ftpd
-.Op Fl dDhlMSU
+.Op Fl dDhlMSUP
 .Op Fl T Ar maxtimeout
 .Op Fl t Ar timeout
 .Op Fl u Ar mask
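Review bot: The rejection branch added to the PORT action replies 500 but records nothing in the server log, so the very event the check exists to catch (a PORT naming a reserved port or an address other than the control connection's) is invisible to the operator, even though the commit's own man-page text presents the check as a mitigation. Consider logging the rejected target next to the reply, e.g. `syslog(LOG_NOTICE, "illegal PORT %s:%u rejected", inet_ntoa(data_dest.sin_addr), ntohs(data_dest.sin_port));`, provided <syslog.h> and <arpa/inet.h> are already in scope in this file as they are in ftpd.c. Note also that by the time the check runs, host_port has already written the rejected values into data_dest; the new code relies on `usedefault = 1` to make the data-connection path fall back to his_addr, which only holds if dataconn() resets data_dest when usedefault is set, so a one-line comment such as `/* data_dest already holds the rejected address; usedefault forces his_addr */` would make that dependency explicit. The enclosing `cmd` rule continues outside the hunk.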
@@ -94,6 +94,14 @@ for anonymous transfers, a directory matching the fully qualified name of
 IP number the client connected to, and located inside
 .Pa ~ftp
 is used instead.
+.It Fl P
+Permit illegal port numbers or addresses for PORT command initiated connects.
+By default
+.Xr ftpd 8
+violates the RFC and thus constrains the PORT command to non-reserved ports
+and requires it use the same source address as the connection came from.
+This prevents the "FTP bounce attack" against services on both the local
+machine and other local machines.
 .It Fl S
 With this option set,
 .Nm ftpd
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index c8142761bcf..ef490c916b0 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftpd.c,v 1.44 1997/08/06 00:18:00 angelos Exp $ */
+/* $OpenBSD: ftpd.c,v 1.45 1997/12/12 08:55:09 deraadt Exp $ */
 /* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */
 /*
@@ -133,6 +133,7 @@ int multihome = 0;
 int guest;
 int stats;
 int statfd = -1;
+int portcheck = 1;
 int dochroot;
 int type;
 int form;
@@ -248,7 +249,7 @@ main(argc, argv, envp)
 int addrlen, ch, on = 1, tos;
 char *cp, line[LINE_MAX];
 FILE *fd;
- char *argstr = "AdDhlMSt:T:u:Uv";
+ char *argstr = "AdDhlMSt:T:u:UvP";
 struct hostent *hp;
 tzset(); /* in case no timezone database in ~ftp */
@@ -270,6 +271,10 @@ main(argc, argv, envp)
 daemon_mode = 1;
 break;
+ case 'P':
+ portcheck = 0;
+ break;
+
 case 'h':
 high_data_ports = 1;
 break;
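Review bot: `int portcheck = 1;` in the global block carries no comment although it is the default for a security check that ftpcmd.y now reads, and the diff does not touch usage(), so if that function enumerates the option letters the new -P is missing from it (usage() is not visible from here). Suggest `int portcheck = 1; /* reject PORT to reserved ports or to an address other than the client's; -P clears it */` beside the definition, plus a matching update of the usage text if one exists. Since the letter is introduced in two places here, `argstr` and the new `case 'P':`, keeping it documented in the usage string as well avoids drift from ftpd.8.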