From f9f4cd0cdcf1d242a39aaf4449d27c60fa98418c Mon Sep 17 00:00:00 2001
From: Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org>
Date: Fri, 7 Jun 2002 07:37:42 +0000
Subject: do not respond to udp service if ip_src matches broadcast addr.  theo
 ok

---
 usr.sbin/inetd/inetd.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index 349c9de15de..3d83e1eca3c 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: inetd.c,v 1.98 2002/06/01 03:42:06 itojun Exp $	*/
+/*	$OpenBSD: inetd.c,v 1.99 2002/06/07 07:37:41 itojun Exp $	*/
 /*	$NetBSD: inetd.c,v 1.11 1996/02/22 11:14:41 mycroft Exp $	*/
 /*
  * Copyright (c) 1983,1991 The Regents of the University of California.
@@ -41,7 +41,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)inetd.c	5.30 (Berkeley) 6/3/91";*/
-static char rcsid[] = "$OpenBSD: inetd.c,v 1.98 2002/06/01 03:42:06 itojun Exp $";
+static char rcsid[] = "$OpenBSD: inetd.c,v 1.99 2002/06/07 07:37:41 itojun Exp $";
 #endif /* not lint */
 
 /*
@@ -150,6 +150,7 @@ static char rcsid[] = "$OpenBSD: inetd.c,v 1.98 2002/06/01 03:42:06 itojun Exp $
 #define RLIMIT_NOFILE	RLIMIT_OFILE
 #endif
 
+#include <net/if.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
@@ -165,6 +166,7 @@ static char rcsid[] = "$OpenBSD: inetd.c,v 1.98 2002/06/01 03:42:06 itojun Exp $
 #include <unistd.h>
 #include <string.h>
 #include <login_cap.h>
+#include <ifaddrs.h>
 #include <rpc/rpc.h>
 #include <rpc/pmap_clnt.h>
 #include <rpcsvc/nfs_prot.h>
@@ -567,7 +569,8 @@ dg_badinput(sa)
 		case 0: case 127: case 255:
 			goto bad;
 		}
-		/* XXX should check for subnet broadcast using getifaddrs(3) */
+		if (dg_broadcast(&in))
+			goto bad;
 		break;
 	case AF_INET6:
 		in6 = &((struct sockaddr_in6 *)sa)->sin6_addr;
@@ -600,6 +603,29 @@ bad:
 	return (1);
 }
 
+int
+dg_broadcast(in)
+	struct in_addr *in;
+{
+	struct ifaddrs *ifa, *ifap;
+	struct sockaddr_in *sin;
+
+	if (getifaddrs(&ifap) < 0)
+		return (0);
+	for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
+		if (ifa->ifa_addr->sa_family != AF_INET ||
+		    (ifa->ifa_flags & IFF_BROADCAST) == 0)
+			continue;
+		sin = (struct sockaddr_in *)ifa->ifa_addr;
+		if (sin->sin_addr.s_addr == in->s_addr) {
+			freeifaddrs(ifap);
+			return (1);
+		}
+	}
+	freeifaddrs(ifap);
+	return (0);
+}
+
 void
 reap(int sig)
 {
@@ -2054,4 +2080,3 @@ spawn(sep, ctrl)
 	if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
 		close(ctrl);
 }
-
-- 
cgit v1.2.3