Bug #1225: WCCP easily disturbed by forged packets

Forward port of 2.5 patch.

diff --git a/src/wccp.cc b/src/wccp.cc
index d7edc20df85d1c8c3ac99f4687d952a7f561a03a..4bf564a81085c2adfe966921357d129bda8f8cce 100644 (file)
--- a/src/wccp.cc
+++ b/src/wccp.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: wccp.cc,v 1.37 2005/01/28 22:54:16 wessels Exp $
+ * $Id: wccp.cc,v 1.38 2005/02/05 21:50:42 serassio Exp $
  *
  * DEBUG: section 80    WCCP Support
  * AUTHOR: Glenn Chisholm
@@ -91,7 +91,8 @@ static int theOutWccpConnection = -1;
 static struct wccp_here_i_am_t wccp_here_i_am;
 
 static struct wccp_i_see_you_t wccp_i_see_you;
-static int change;
+static int last_change;
+static int last_id;
 static int last_assign_buckets_change;
 static unsigned int number_caches;
 
@@ -118,8 +119,10 @@ wccpInit(void)
     wccp_here_i_am.type = htonl(WCCP_HERE_I_AM);
     wccp_here_i_am.version = htonl(Config.Wccp.version);
     wccp_here_i_am.revision = htonl(WCCP_REVISION);
-    change = 0;
+    last_change = 0;
+    last_id = 0;
     last_assign_buckets_change = 0;
+    number_caches = 0;
 
     if (Config.Wccp.router.s_addr != any_addr.s_addr)
         if (!eventFind(wccpHereIam, NULL))
@@ -282,19 +285,15 @@ wccpHandleUdp(int sock, void *not_used)
     if (ntohl(wccp_i_see_you.type) != WCCP_I_SEE_YOU)
         return;
 
-    if (ntohl(wccp_i_see_you.number) > WCCP_ACTIVE_CACHES) {
+    if (ntohl(wccp_i_see_you.number) > WCCP_ACTIVE_CACHES || ntohl(wccp_i_see_you.number) < 0) {
         debug(80, 1) ("Ignoring WCCP_I_SEE_YOU from %s with number of caches set to %d\n",
                       inet_ntoa(from.sin_addr), (int) ntohl(wccp_i_see_you.number));
         return;
     }
 
-    if (ntohl(wccp_i_see_you.number) <= 0) {
-        debug(80, 1) ("Ignoring WCCP_I_SEE_YOU from %s with non-positive number of caches\n",
-                      inet_ntoa(from.sin_addr));
-        return;
-    }
+    last_id = wccp_i_see_you.id;
 
-    if ((0 == change) && (number_caches == (unsigned) ntohl(wccp_i_see_you.number))) {
+    if ((0 == last_change) && (number_caches == (unsigned) ntohl(wccp_i_see_you.number))) {
         if (last_assign_buckets_change == wccp_i_see_you.change) {
             /*
              * After a WCCP_ASSIGN_BUCKET message, the router should
@@ -306,16 +305,16 @@ wccpHandleUdp(int sock, void *not_used)
              */
             (void) 0;
         } else {
-            change = wccp_i_see_you.change;
+            last_change = wccp_i_see_you.change;
             return;
         }
     }
 
-    if (change != wccp_i_see_you.change) {
-        change = wccp_i_see_you.change;
+    if (last_change != wccp_i_see_you.change) {
+        last_change = wccp_i_see_you.change;
 
         if (wccpLowestIP() && wccp_i_see_you.number) {
-            last_assign_buckets_change = change;
+            last_assign_buckets_change = last_change;
             wccpAssignBuckets();
         }
     }
@@ -325,6 +324,7 @@ static int
 wccpLowestIP(void)
 {
     unsigned int loop;
+    int found = 0;
 
     /*
      * We sanity checked wccp_i_see_you.number back in wccpHandleUdp()
@@ -335,9 +335,12 @@ wccpLowestIP(void)
 
         if (wccp_i_see_you.wccp_cache_entry[loop].ip_addr.s_addr < local_ip.s_addr)
             return 0;
+
+        if (wccp_i_see_you.wccp_cache_entry[loop].ip_addr.s_addr == local_ip.s_addr)
+            found = 1;
     }
 
-    return 1;
+    return found;
 }
 
 static void
@@ -345,7 +348,7 @@ wccpHereIam(void *voidnotused)
 {
     debug(80, 6) ("wccpHereIam: Called\n");
 
-    wccp_here_i_am.id = wccp_i_see_you.id;
+    wccp_here_i_am.id = last_id;
     comm_udp_send(theOutWccpConnection,
                   &wccp_here_i_am,
                   sizeof(wccp_here_i_am),
@@ -419,7 +422,7 @@ wccpAssignBuckets(void)
                   buf,
                   wab_len + WCCP_BUCKETS + cache_len,
                   0);
-    change = 0;
+    last_change = 0;
     xfree(buf);
 }