Annotation of src/lib/libwrap/fix_options.c, Revision 1.10.44.2
1.10.44.2! riz 1: /* $NetBSD: fix_options.c,v 1.10.44.1 2012/04/23 16:48:54 riz Exp $ */
1.3 christos 2:
1.1 mrg 3: /*
4: * Routine to disable IP-level socket options. This code was taken from 4.4BSD
1.4 itojun 5: * rlogind and kernel source, but all mistakes in it are my fault.
1.1 mrg 6: *
7: * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
8: */
9:
1.3 christos 10: #include <sys/cdefs.h>
1.1 mrg 11: #ifndef lint
1.3 christos 12: #if 0
1.4 itojun 13: static char sccsid[] = "@(#) fix_options.c 1.6 97/04/08 02:29:19";
1.3 christos 14: #else
1.10.44.2! riz 15: __RCSID("$NetBSD: fix_options.c,v 1.10.44.1 2012/04/23 16:48:54 riz Exp $");
1.3 christos 16: #endif
1.1 mrg 17: #endif
18:
19: #include <sys/types.h>
20: #include <sys/param.h>
1.3 christos 21: #include <sys/socket.h>
1.1 mrg 22: #include <netinet/in.h>
1.4 itojun 23: #include <netinet/in_systm.h>
24: #include <netinet/ip.h>
1.1 mrg 25: #include <netdb.h>
26: #include <stdio.h>
27: #include <syslog.h>
1.3 christos 28: #include <stdlib.h>
29: #include <unistd.h>
1.4 itojun 30:
31: #ifndef IPOPT_OPTVAL
32: #define IPOPT_OPTVAL 0
33: #define IPOPT_OLEN 1
34: #endif
35:
1.1 mrg 36: #include "tcpd.h"
37:
1.4 itojun 38: #define BUFFER_SIZE 512 /* Was: BUFSIZ */
39:
1.1 mrg 40: /* fix_options - get rid of IP-level socket options */
41:
1.3 christos 42: void
1.10.44.2! riz 43: fix_options(request)
! 44: struct request_info *request;
1.1 mrg 45: {
46: #ifdef IP_OPTIONS
1.4 itojun 47: unsigned char optbuf[BUFFER_SIZE / 3], *cp;
48: char lbuf[BUFFER_SIZE], *lp;
1.10 mrg 49: int ipproto;
50: socklen_t optsize = sizeof(optbuf);
1.1 mrg 51: struct protoent *ip;
52: int fd = request->fd;
1.2 mrg 53: int len = sizeof lbuf;
1.4 itojun 54: unsigned int opt;
55: int optlen;
56: struct in_addr dummy;
1.5 itojun 57: struct sockaddr_storage ss;
1.10 mrg 58: socklen_t sslen;
1.1 mrg 59:
1.5 itojun 60: /*
61: * check if this is AF_INET socket
62: * XXX IPv6 support?
63: */
64: sslen = sizeof(ss);
1.10 mrg 65: if (getsockname(fd, (struct sockaddr *)(void *)&ss, &sslen) < 0) {
1.7 wiz 66: syslog(LOG_ERR, "getsockname: %m");
1.5 itojun 67: clean_exit(request);
68: }
69: if (ss.ss_family != AF_INET)
70: return;
71:
1.1 mrg 72: if ((ip = getprotobyname("ip")) != 0)
73: ipproto = ip->p_proto;
74: else
75: ipproto = IPPROTO_IP;
76:
1.10 mrg 77: if (getsockopt(fd, ipproto, IP_OPTIONS, optbuf, &optsize) == 0
1.1 mrg 78: && optsize != 0) {
1.4 itojun 79:
80: /*
81: * Horror! 4.[34] BSD getsockopt() prepends the first-hop destination
82: * address to the result IP options list when source routing options
83: * are present (see <netinet/ip_var.h>), but produces no output for
84: * other IP options. Solaris 2.x getsockopt() does produce output for
85: * non-routing IP options, and uses the same format as BSD even when
86: * the space for the destination address is unused. The code below
87: * does the right thing with 4.[34]BSD derivatives and Solaris 2, but
88: * may occasionally miss source routing options on incompatible
89: * systems such as Linux. Their choice.
90: *
91: * Look for source routing options. Drop the connection when one is
92: * found. Just wiping the IP options is insufficient: we would still
93: * help the attacker by providing a real TCP sequence number, and the
94: * attacker would still be able to send packets (blind spoofing). I
95: * discussed this attack with Niels Provos, half a year before the
96: * attack was described in open mailing lists.
97: *
98: * It would be cleaner to just return a yes/no reply and let the caller
99: * decide how to deal with it. Resident servers should not terminate.
100: * However I am not prepared to make changes to internal interfaces
101: * on short notice.
102: */
103: #define ADDR_LEN sizeof(dummy.s_addr)
104:
105: for (cp = optbuf + ADDR_LEN; cp < optbuf + optsize; cp += optlen) {
106: opt = cp[IPOPT_OPTVAL];
107: if (opt == IPOPT_LSRR || opt == IPOPT_SSRR) {
108: syslog(LOG_WARNING,
109: "refused connect from %s with IP source routing options",
110: eval_client(request));
111: shutdown(fd, 2);
112: return;
113: }
114: if (opt == IPOPT_EOL)
115: break;
116: if (opt == IPOPT_NOP) {
117: optlen = 1;
1.8 itojun 118: } else if (&cp[IPOPT_OLEN] < optbuf + optsize) {
1.4 itojun 119: optlen = cp[IPOPT_OLEN];
1.9 itojun 120: if (optlen < 2 || cp + optlen >= optbuf + optsize) {
1.8 itojun 121: syslog(LOG_WARNING,
122: "refused connect from %s with malformed IP options",
123: eval_client(request));
124: shutdown(fd, 2);
125: return;
126: }
127: } else {
128: syslog(LOG_WARNING,
129: "refused connect from %s with malformed IP options",
130: eval_client(request));
131: shutdown(fd, 2);
132: return;
1.4 itojun 133: }
134: }
1.1 mrg 135: lp = lbuf;
136: for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
1.2 mrg 137: len -= snprintf(lp, len, " %2.2x", *cp);
1.1 mrg 138: syslog(LOG_NOTICE,
139: "connect from %s with IP options (ignored):%s",
140: eval_client(request), lbuf);
141: if (setsockopt(fd, ipproto, IP_OPTIONS, (char *) 0, optsize) != 0) {
142: syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
1.4 itojun 143: shutdown(fd, 2);
1.1 mrg 144: }
145: }
146: #endif
147: }
CVSweb <webmaster@jp.NetBSD.org>