From: wessels <>
Date: Fri, 24 Jan 1997 15:16:18 +0000 (+0000)
Subject: try detecting ICP_HIT_OBJ spoofing
X-Git-Tag: SQUID_3_0_PRE1~5169
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4a9a37a4b48a8c9de88beef5aa6cf2d1edbd943;p=thirdparty%2Fsquid.git

try detecting ICP_HIT_OBJ spoofing
---

diff --git a/src/neighbors.cc b/src/neighbors.cc
index 76e39e6ecb..cba1d3bd80 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: neighbors.cc,v 1.105 1997/01/15 17:41:28 wessels Exp $
+ * $Id: neighbors.cc,v 1.106 1997/01/24 08:16:18 wessels Exp $
  *
  * DEBUG: section 15    Neighbor Routines
  * AUTHOR: Harvest Derived
@@ -652,6 +652,11 @@ neighborsUdpAck(int fd, const char *url, icp_common_t * header, const struct soc
 		inet_ntoa(from->sin_addr));
 	} else if (entry->object_len != 0) {
 	    debug(15, 1, "Too late UDP_HIT_OBJ '%s'?\n", entry->url);
+	} else if (!opt_udp_hit_obj) {
+	    /* HIT_OBJ poses a security risk since we take the object 
+	     * data from the ICP message */
+	    debug(15, 0, "WARNING!: Received ICP_OP_HIT_OBJ from '%s' with HIT_OBJ disabled!\n");
+	    debug(15, 0, "--> URL '%s'\n", entry->url);
 	} else {
 	    if (e->options & NEIGHBOR_PROXY_ONLY)
 		storeReleaseRequest(entry);