Blame openssh-5.2p1-allow-ip-opts.patch
|
 |
49d0cf7 |
diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c
|
|
|
49d0cf7 |
--- openssh-5.2p1/canohost.c.ip-opts 2009-02-14 06:28:21.000000000 +0100
|
|
|
49d0cf7 |
+++ openssh-5.2p1/canohost.c 2009-09-01 15:31:29.000000000 +0200
|
|
|
49d0cf7 |
@@ -169,12 +169,27 @@ check_ip_options(int sock, char *ipaddr)
|
|
|
49d0cf7 |
option_size = sizeof(options);
|
|
|
49d0cf7 |
if (getsockopt(sock, ipproto, IP_OPTIONS, options,
|
|
|
49d0cf7 |
&option_size) >= 0 && option_size != 0) {
|
|
|
49d0cf7 |
- text[0] = '\0';
|
|
|
49d0cf7 |
- for (i = 0; i < option_size; i++)
|
|
|
49d0cf7 |
- snprintf(text + i*3, sizeof(text) - i*3,
|
|
|
49d0cf7 |
- " %2.2x", options[i]);
|
|
|
49d0cf7 |
- fatal("Connection from %.100s with IP options:%.800s",
|
|
|
49d0cf7 |
- ipaddr, text);
|
|
|
49d0cf7 |
+ i = 0;
|
|
|
49d0cf7 |
+ do {
|
|
|
49d0cf7 |
+ switch (options[i]) {
|
|
|
49d0cf7 |
+ case 0:
|
|
|
49d0cf7 |
+ case 1:
|
|
|
49d0cf7 |
+ ++i;
|
|
|
49d0cf7 |
+ break;
|
|
|
49d0cf7 |
+ case 131:
|
|
|
49d0cf7 |
+ case 137:
|
|
|
49d0cf7 |
+ /* Fail, fatally, if we detect either loose or strict
|
|
|
49d0cf7 |
+ * source routing options. */
|
|
|
49d0cf7 |
+ text[0] = '\0';
|
|
|
49d0cf7 |
+ for (i = 0; i < option_size; i++)
|
|
|
49d0cf7 |
+ snprintf(text + i*3, sizeof(text) - i*3,
|
|
|
49d0cf7 |
+ " %2.2x", options[i]);
|
|
|
49d0cf7 |
+ fatal("Connection from %.100s with IP options:%.800s",
|
|
|
49d0cf7 |
+ ipaddr, text);
|
|
|
49d0cf7 |
+ default:
|
|
|
49d0cf7 |
+ i += options[i + 1];
|
|
|
49d0cf7 |
+ }
|
|
|
49d0cf7 |
+ } while (i < option_size);
|
|
|
49d0cf7 |
}
|
|
|
49d0cf7 |
#endif /* IP_OPTIONS */
|
|
|
49d0cf7 |
}
|