Only send an error reply if the request passes basic verification.
Otherwise, kpasswdd would reply to every UDP packet, allowing an
attacker to set up a ping-pong DoS attack via a spoofed UDP packet with
a source address of another UDP service that also replies to every
packet.
Also suppress the error reply if ap_req_len is 0, since this indicates
an error packet. An error packet may be the result of a ping-pong
attacker pointing us at another kpasswdd.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Russ Allbery
97648fc257