]> git.ipfire.org Git - people/amarx/ipfire-3.x.git/blob - openssh/patches/openssh-5.2p1-allow-ip-opts.patch
projects / people / amarx / ipfire-3.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Move all packages to root.
[people/amarx/ipfire-3.x.git] / openssh / patches / openssh-5.2p1-allow-ip-opts.patch
1 diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c
2 --- openssh-5.2p1/canohost.c.ip-opts 2009-02-14 06:28:21.000000000 +0100
3 +++ openssh-5.2p1/canohost.c 2009-09-01 15:31:29.000000000 +0200
4 @@ -169,12 +169,27 @@ check_ip_options(int sock, char *ipaddr)
5 option_size = sizeof(options);
6 if (getsockopt(sock, ipproto, IP_OPTIONS, options,
7 &option_size) >= 0 && option_size != 0) {
8 - text[0] = '\0';
9 - for (i = 0; i < option_size; i++)
10 - snprintf(text + i*3, sizeof(text) - i*3,
11 - " %2.2x", options[i]);
12 - fatal("Connection from %.100s with IP options:%.800s",
13 - ipaddr, text);
14 + i = 0;
15 + do {
16 + switch (options[i]) {
17 + case 0:
18 + case 1:
19 + ++i;
20 + break;
21 + case 131:
22 + case 137:
23 + /* Fail, fatally, if we detect either loose or strict
24 + * source routing options. */
25 + text[0] = '\0';
26 + for (i = 0; i < option_size; i++)
27 + snprintf(text + i*3, sizeof(text) - i*3,
28 + " %2.2x", options[i]);
29 + fatal("Connection from %.100s with IP options:%.800s",
30 + ipaddr, text);
31 + default:
32 + i += options[i + 1];
33 + }
34 + } while (i < option_size);
35 }
36 #endif /* IP_OPTIONS */
37 }
Alex's tree of IPFire 3.x