add paranoid check for PORT and EPRT, make it default

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25330 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-07-15 22:18:25 +00:00
parent 16b76d5cc0
commit 29fc07df5b
2 changed files with 26 additions and 3 deletions

View File

@@ -150,15 +150,26 @@ cmd
memset ($3, 0, strlen($3));
free($3);
}
| PORT SP host_port CRLF check_secure
{
if ($5) {
usedefault = 0;
if (pdata >= 0) {
if (paranoid &&
(data_dest->sa_family != AF_INET ||
(ntohs(data_dest->sin_port) < IPPORT_RESERVED) ||
memcmp(data_dest->sin_addr,
&his_addr->sin_addr,
sizeof(data_dest.sin_addr)) != 0)) {
usedefault = 1;
reply(500, "Illegal PORT range rejected.");
} else {
usedefault = 0;
if (pdata >= 0) {
close(pdata);
pdata = -1;
}
reply(200, "PORT command successful.");
}
reply(200, "PORT command successful.");
}
}
| EPRT SP STRING CRLF check_secure

View File

@@ -91,6 +91,7 @@ char tmpline[10240];
char hostname[MaxHostNameLen];
char remotehost[MaxHostNameLen];
static char ttyline[20];
int paranoid = 1;
#define AUTH_PLAIN (1 << 0) /* allow sending passwords */
#define AUTH_OTP (1 << 1) /* passwords are one-time */
@@ -2123,7 +2124,18 @@ eprt(char *str)
reply(500, "Bad port syntax in EPRT");
return;
}
if (port < IPPORT_RESERVED) {
reply(500, "Bad port in invalid range in EPRT");
return;
}
socket_set_port (data_dest, htons(port));
if (paranoid &&
(data_dest->sa_family != his_addr->sa_family ||
memcmp(socket_get_address(data_dest), socket_get_address(his_addr), socket_sockaddr_size(data_dest)) != 0))
{
reply(500, "Bad address in EPRT");
}
reply(200, "EPRT command successful.");
}