projects / people / ms / ipfire-3.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 852f4e06 SS |
1 | diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c |
| 2 | --- openssh-5.2p1/canohost.c.ip-opts 2009-02-14 06:28:21.000000000 +0100 | |
| 3 | +++ openssh-5.2p1/canohost.c 2009-09-01 15:31:29.000000000 +0200 | |
| 4 | @@ -169,12 +169,27 @@ check_ip_options(int sock, char *ipaddr) | |
| 5 | option_size = sizeof(options); | |
| 6 | if (getsockopt(sock, ipproto, IP_OPTIONS, options, | |
| 7 | &option_size) >= 0 && option_size != 0) { | |
| 8 | - text[0] = '\0'; | |
| 9 | - for (i = 0; i < option_size; i++) | |
| 10 | - snprintf(text + i*3, sizeof(text) - i*3, | |
| 11 | - " %2.2x", options[i]); | |
| 12 | - fatal("Connection from %.100s with IP options:%.800s", | |
| 13 | - ipaddr, text); | |
| 14 | + i = 0; | |
| 15 | + do { | |
| 16 | + switch (options[i]) { | |
| 17 | + case 0: | |
| 18 | + case 1: | |
| 19 | + ++i; | |
| 20 | + break; | |
| 21 | + case 131: | |
| 22 | + case 137: | |
| 23 | + /* Fail, fatally, if we detect either loose or strict | |
| 24 | + * source routing options. */ | |
| 25 | + text[0] = '\0'; | |
| 26 | + for (i = 0; i < option_size; i++) | |
| 27 | + snprintf(text + i*3, sizeof(text) - i*3, | |
| 28 | + " %2.2x", options[i]); | |
| 29 | + fatal("Connection from %.100s with IP options:%.800s", | |
| 30 | + ipaddr, text); | |
| 31 | + default: | |
| 32 | + i += options[i + 1]; | |
| 33 | + } | |
| 34 | + } while (i < option_size); | |
| 35 | } | |
| 36 | #endif /* IP_OPTIONS */ | |
| 37 | } |