1 diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c
2 --- openssh-5.2p1/canohost.c.ip-opts 2009-02-14 06:28:21.000000000 +0100
3 +++ openssh-5.2p1/canohost.c 2009-09-01 15:31:29.000000000 +0200
4 @@ -169,12 +169,27 @@ check_ip_options(int sock, char *ipaddr)
5 option_size = sizeof(options);
6 if (getsockopt(sock, ipproto, IP_OPTIONS, options,
7 &option_size) >= 0 && option_size != 0) {
9 - for (i = 0; i < option_size; i++)
10 - snprintf(text + i*3, sizeof(text) - i*3,
11 - " %2.2x", options[i]);
12 - fatal("Connection from %.100s with IP options:%.800s",
16 + switch (options[i]) {
23 + /* Fail, fatally, if we detect either loose or strict
24 + * source routing options. */
26 + for (i = 0; i < option_size; i++)
27 + snprintf(text + i*3, sizeof(text) - i*3,
28 + " %2.2x", options[i]);
29 + fatal("Connection from %.100s with IP options:%.800s",
32 + i += options[i + 1];
34 + } while (i < option_size);
36 #endif /* IP_OPTIONS */