Blame openssh-6.6p1-allow-ip-opts.patch
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
diff -up openssh/sshd.c.ip-opts openssh/sshd.c
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
--- openssh/sshd.c.ip-opts 2016-07-25 13:58:48.998507834 +0200
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
+++ openssh/sshd.c 2016-07-25 14:01:28.346469878 +0200
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
@@ -1507,12 +1507,29 @@ check_ip_options(struct ssh *ssh)
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
&option_size) >= 0 && option_size != 0) {
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
- text[0] = '\0';
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
- for (i = 0; i < option_size; i++)
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
- snprintf(text + i*3, sizeof(text) - i*3,
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
- " %2.2x", opts[i]);
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
- fatal("Connection from %.100s port %d with IP opts: %.800s",
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ i = 0;
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ do {
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
+ switch (opts[i]) {
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ case 0:
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ case 1:
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ ++i;
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ break;
|
|
![](https://seccdn.libravatar.org/avatar/08de75d2caa4e82592ba986a401825467ec6e4be80fcf68dea3b4d1800f20554?s=16&d=retro) |
94c6f8d |
+ case 130:
|
|
![](https://seccdn.libravatar.org/avatar/08de75d2caa4e82592ba986a401825467ec6e4be80fcf68dea3b4d1800f20554?s=16&d=retro) |
94c6f8d |
+ case 133:
|
|
![](https://seccdn.libravatar.org/avatar/08de75d2caa4e82592ba986a401825467ec6e4be80fcf68dea3b4d1800f20554?s=16&d=retro) |
94c6f8d |
+ case 134:
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
+ i += opts[i + 1];
|
|
![](https://seccdn.libravatar.org/avatar/08de75d2caa4e82592ba986a401825467ec6e4be80fcf68dea3b4d1800f20554?s=16&d=retro) |
94c6f8d |
+ break;
|
|
![](https://seccdn.libravatar.org/avatar/08de75d2caa4e82592ba986a401825467ec6e4be80fcf68dea3b4d1800f20554?s=16&d=retro) |
94c6f8d |
+ default:
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ /* Fail, fatally, if we detect either loose or strict
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ * source routing options. */
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ text[0] = '\0';
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ for (i = 0; i < option_size; i++)
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ snprintf(text + i*3, sizeof(text) - i*3,
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
+ " %2.2x", opts[i]);
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
+ fatal("Connection from %.100s port %d with IP options:%.800s",
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ }
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
+ } while (i < option_size);
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
}
|
|
![](https://seccdn.libravatar.org/avatar/bc84285c5ca7a993e6013b3df0cd5c6239503a336104c5aa0ee7e4edc788fe90?s=16&d=retro) |
5878ebb |
return;
|
|
![](https://seccdn.libravatar.org/avatar/11afc4766506506a582e83bf5dad6005aad98d91726c9c0c041d9eb354dae101?s=16&d=retro) |
49d0cf7 |
#endif /* IP_OPTIONS */
|