Группа :: Система/Основа
Пакет: xinetd
Патч: xinetd-2.3.14-owl-bad_port_check.patch
--- xinetd-2.3.14/xinetd/builtins.c 2005-10-06 15:38:04 +0000
+++ xinetd-2.3.13/xinetd/builtins.c 2005-04-08 21:23:07 +0000
@@ -52,6 +52,7 @@ static void dgram_daytime(const struct s
static void stream_chargen(const struct server *) ;
static void dgram_chargen(const struct server *) ;
static void tcpmux_handler(const struct server *) ;
+static int bad_port_check(const union xsockaddr *, const char *);
/*
* SG - This is the call sequence to get to a built-in service
@@ -163,6 +164,25 @@ static void stream_echo( const struct se
Sclose(descriptor);
}
+/* For internal UDP services, make sure we don't respond to our ports
+ * on other servers and to low ports of other services (such as DNS).
+ * This can cause looping.
+ */
+static int bad_port_check( const union xsockaddr *sa, const char *func )
+{
+ uint16_t port = 0;
+
+ port = ntohs( xaddrport( sa ) );
+
+ if ( port < 1024 ) {
+ msg(LOG_WARNING, func,
+ "Possible Denial of Service attack from %s %d", xaddrname(sa), port);
+ return (-1);
+ }
+
+ return (0);
+}
+
static void dgram_echo( const struct server *serp )
{
char buf[ DATAGRAM_SIZE ] ;
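Review bot: bad_port_check() calls msg() at LOG_WARNING for every rejected datagram, so the sender of the low-port traffic also controls how many log lines are written. Nothing in this hunk throttles that, and msg() itself is not visible here, so it is worth confirming whether it rate-limits; if not, log the first rejection per interval and count the rest. The header comment should also state the contract and the limit of the check, for example `/* Returns 0 if a reply may be sent, -1 if the source port is below 1024. Prevents loops with privileged-port services; a forged source address with a high port still gets a reply. */`. As a small cleanup, `uint16_t port = 0;` followed by the assignment can become `uint16_t port = ntohs( xaddrport( sa ) );`.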
@@ -179,6 +199,7 @@ static void dgram_echo( const struct ser
cc = recvfrom( descriptor, buf, sizeof( buf ), 0, SA( &lsin ), &sin_len ) ;
if ( cc != -1 ) {
+ if( bad_port_check(&lsin, func) != 0 ) return;
(void) sendto( descriptor, buf, cc, 0, SA( &lsin ), sizeof( lsin ) ) ;
}
}
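Review bot: The added guard in dgram_echo is written as a one-line `if( ... ) return;` without braces, while the surrounding code uses `if ( cc != -1 ) {` with a space after `if` and a braced body. Matching the file's style, e.g. `if ( bad_port_check( &lsin, func ) != 0 )` with `return ;` on its own line, keeps the early exit visible next to the sendto() it protects. The same line is added in dgram_daytime, dgram_time and dgram_chargen, where the point applies equally. The body of dgram_echo starts outside this hunk, so the declaration of `func` that the call depends on is not visible here.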
@@ -303,6 +324,8 @@ static void dgram_daytime( const struct
SA( &lsin ), &sin_len ) == -1 )
return ;
+ if( bad_port_check(&lsin, func) != 0 ) return;
+
daytime_protocol( time_buf, &buflen ) ;
(void) sendto( descriptor, time_buf, buflen, 0, SA(&lsin), sizeof( lsin ) ) ;
@@ -367,6 +390,7 @@ static void dgram_time( const struct ser
if ( recvfrom( fd, buf, sizeof( buf ), 0, SA( &lsin ), &sin_len ) == -1 )
return ;
+ if( bad_port_check(&lsin, func) != 0 ) return;
time_protocol( time_buf ) ;
(void) sendto( fd, (char *) time_buf, 4, 0, SA( &lsin ), sin_len ) ;
@@ -478,6 +502,8 @@ static void dgram_chargen( const struct
bad_variable = 1 ; /* this will cause a compilation error */
#endif
+ if( bad_port_check(&lsin, func) != 0 ) return;
+
for ( p = buf ; left > 2 ; left -= len, p += len )
{
len = min( LINE_LENGTH+2, left ) ;