diff -up openssh/sshd.c.ip-opts openssh/sshd.c |
|
--- openssh/sshd.c.ip-opts 2016-07-25 13:58:48.998507834 +0200 |
|
+++ openssh/sshd.c 2016-07-25 14:01:28.346469878 +0200 |
|
@@ -1507,12 +1507,29 @@ check_ip_options(struct ssh *ssh) |
|
|
|
if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts, |
|
&option_size) >= 0 && option_size != 0) { |
|
- text[0] = '\0'; |
|
- for (i = 0; i < option_size; i++) |
|
- snprintf(text + i*3, sizeof(text) - i*3, |
|
- " %2.2x", opts[i]); |
|
- fatal("Connection from %.100s port %d with IP opts: %.800s", |
|
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text); |
|
+ i = 0; |
|
+ do { |
|
+ switch (opts[i]) { |
|
+ case 0: |
|
+ case 1: |
|
+ ++i; |
|
+ break; |
|
+ case 130: |
|
+ case 133: |
|
+ case 134: |
|
+ i += opts[i + 1]; |
|
+ break; |
|
+ default: |
|
+ /* Fail, fatally, if we detect either loose or strict |
|
+ * source routing options. */ |
|
+ text[0] = '\0'; |
|
+ for (i = 0; i < option_size; i++) |
|
+ snprintf(text + i*3, sizeof(text) - i*3, |
|
+ " %2.2x", opts[i]); |
|
+ fatal("Connection from %.100s port %d with IP options:%.800s", |
|
+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text); |
|
+ } |
|
+ } while (i < option_size); |
|
} |
|
return; |
|
#endif /* IP_OPTIONS */
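Review bot: In the `case 130: case 133: case 134:` arm, `i += opts[i + 1];` trusts the option's length byte without checking that `i + 1` is still below `option_size` or that the length is at least 2 (type octet plus length octet). A zero length byte would leave `i` unchanged, so the `do … while (i < option_size)` loop would never terminate, and an option type sitting in the last returned byte makes the read go past the data getsockopt() filled in. The kernel may already drop such packets, but this code runs before authentication, so I would guard the advance with `if (i + 1 >= option_size || opts[i + 1] < 2) fatal("Connection from %.100s port %d with malformed IP options", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));` placed just before `i += opts[i + 1];`. The comment on the `default:` arm is also narrower than the code: that arm rejects every option other than 0, 1, 130, 133 and 134, so `/* Reject any option not explicitly allowed above; this includes loose and strict source routing. */` would describe it more accurately. check_ip_options() begins above the hunk, so the declarations of `opts`, `text` and `i` are not visible here.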
|
|
|