try detecting ICP_HIT_OBJ spoofing

diff --git a/src/neighbors.cc b/src/neighbors.cc
index 76e39e6ecb1d922bb0e57cff38d3ae5cdb917185..cba1d3bd802105683e0444caf990fdbc5af102df 100644 (file)
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: neighbors.cc,v 1.105 1997/01/15 17:41:28 wessels Exp $
+ * $Id: neighbors.cc,v 1.106 1997/01/24 08:16:18 wessels Exp $
  *
  * DEBUG: section 15    Neighbor Routines
  * AUTHOR: Harvest Derived
@@ -652,6 +652,11 @@ neighborsUdpAck(int fd, const char *url, icp_common_t * header, const struct soc
                inet_ntoa(from->sin_addr));
        } else if (entry->object_len != 0) {
            debug(15, 1, "Too late UDP_HIT_OBJ '%s'?\n", entry->url);
+       } else if (!opt_udp_hit_obj) {
+           /* HIT_OBJ poses a security risk since we take the object 
+            * data from the ICP message */
+           debug(15, 0, "WARNING!: Received ICP_OP_HIT_OBJ from '%s' with HIT_OBJ disabled!\n");
+           debug(15, 0, "--> URL '%s'\n", entry->url);
        } else {
            if (e->options & NEIGHBOR_PROXY_ONLY)
                storeReleaseRequest(entry);