RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-03 08:12:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

- dtucker@cvs.openbsd.org 2005/10/30 08:29:29

Browse Source 
[canohost.c sshd.c]
     Check for connections with IP options earlier and drop silently.  ok djm@
This commit is contained in:
Damien Miller 2005-11-05 15:13:24 +11:00
parent aa3bb10940
commit 4d3fd54c91
3 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -65,6 +65,9 @@
- djm@cvs.openbsd.org 2005/10/30 04:03:24 - djm@cvs.openbsd.org 2005/10/30 04:03:24
[ssh.c] [ssh.c]
fix misleading debug message; ok dtucker@ fix misleading debug message; ok dtucker@
- dtucker@cvs.openbsd.org 2005/10/30 08:29:29
[canohost.c sshd.c]
Check for connections with IP options earlier and drop silently. ok djm@
20051102 20051102
- (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
@ -3198,4 +3201,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3942 2005/11/05 04:12:59 djm Exp $ $Id: ChangeLog,v 1.3943 2005/11/05 04:13:24 djm Exp $

6
canohost.c
View File

@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: canohost.c,v 1.45 2005/10/03 07:44:42 dtucker Exp $"); RCSID("$OpenBSD: canohost.c,v 1.46 2005/10/30 08:29:29 dtucker Exp $");
#include "packet.h" #include "packet.h"
#include "xmalloc.h" #include "xmalloc.h"
@ -158,9 +158,7 @@ check_ip_options(int sock, char *ipaddr)
for (i = 0; i < option_size; i++) for (i = 0; i < option_size; i++)
snprintf(text + i*3, sizeof(text) - i*3, snprintf(text + i*3, sizeof(text) - i*3,
" %2.2x", options[i]); " %2.2x", options[i]);
logit("Connection from %.100s with IP options:%.800s", fatal("Connection from %.100s with IP options:%.800s",
ipaddr, text);
packet_disconnect("Connection from %.100s with IP options:%.800s",
ipaddr, text); ipaddr, text);
} }
#endif /* IP_OPTIONS */ #endif /* IP_OPTIONS */

9
sshd.c
View File

@ -42,7 +42,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $"); RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $");
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/bn.h> #include <openssl/bn.h>
@ -1651,7 +1651,12 @@ main(int ac, char **av)
debug("get_remote_port failed"); debug("get_remote_port failed");
cleanup_exit(255); cleanup_exit(255);
} }
remote_ip = get_remote_ipaddr();
/*
* We use get_canonical_hostname with usedns = 0 instead of
* get_remote_ipaddr here so IP options will be checked.
*/
remote_ip = get_canonical_hostname(0);
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
audit_connection_from(remote_ip, remote_port); audit_connection_from(remote_ip, remote_port);