]>
Commit | Line | Data |
---|---|---|
852f4e06 SS |
1 | diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c |
2 | --- openssh-5.2p1/canohost.c.ip-opts 2009-02-14 06:28:21.000000000 +0100 | |
3 | +++ openssh-5.2p1/canohost.c 2009-09-01 15:31:29.000000000 +0200 | |
4 | @@ -169,12 +169,27 @@ check_ip_options(int sock, char *ipaddr) | |
5 | option_size = sizeof(options); | |
6 | if (getsockopt(sock, ipproto, IP_OPTIONS, options, | |
7 | &option_size) >= 0 && option_size != 0) { | |
8 | - text[0] = '\0'; | |
9 | - for (i = 0; i < option_size; i++) | |
10 | - snprintf(text + i*3, sizeof(text) - i*3, | |
11 | - " %2.2x", options[i]); | |
12 | - fatal("Connection from %.100s with IP options:%.800s", | |
13 | - ipaddr, text); | |
14 | + i = 0; | |
15 | + do { | |
16 | + switch (options[i]) { | |
17 | + case 0: | |
18 | + case 1: | |
19 | + ++i; | |
20 | + break; | |
21 | + case 131: | |
22 | + case 137: | |
23 | + /* Fail, fatally, if we detect either loose or strict | |
24 | + * source routing options. */ | |
25 | + text[0] = '\0'; | |
26 | + for (i = 0; i < option_size; i++) | |
27 | + snprintf(text + i*3, sizeof(text) - i*3, | |
28 | + " %2.2x", options[i]); | |
29 | + fatal("Connection from %.100s with IP options:%.800s", | |
30 | + ipaddr, text); | |
31 | + default: | |
32 | + i += options[i + 1]; | |
33 | + } | |
34 | + } while (i < option_size); | |
35 | } | |
36 | #endif /* IP_OPTIONS */ | |
37 | } |