openssh/openssh-6.6p1-allow-ip-opts.patch

40 lines
1.2 KiB
Diff
Raw Normal View History

diff -up openssh/sshd.c.ip-opts openssh/sshd.c
--- openssh/sshd.c.ip-opts 2016-07-25 13:58:48.998507834 +0200
+++ openssh/sshd.c 2016-07-25 14:01:28.346469878 +0200
@@ -1507,12 +1507,29 @@ check_ip_options(struct ssh *ssh)
if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
2009-09-01 18:51:41 +00:00
&option_size) >= 0 && option_size != 0) {
- text[0] = '\0';
- for (i = 0; i < option_size; i++)
- snprintf(text + i*3, sizeof(text) - i*3,
- " %2.2x", opts[i]);
- fatal("Connection from %.100s port %d with IP opts: %.800s",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
2009-09-01 18:51:41 +00:00
+ i = 0;
+ do {
+ switch (opts[i]) {
2009-09-01 18:51:41 +00:00
+ case 0:
+ case 1:
+ ++i;
+ break;
2014-06-03 14:51:07 +00:00
+ case 130:
+ case 133:
+ case 134:
+ i += opts[i + 1];
2014-06-03 14:51:07 +00:00
+ break;
+ default:
2009-09-01 18:51:41 +00:00
+ /* Fail, fatally, if we detect either loose or strict
+ * source routing options. */
+ text[0] = '\0';
+ for (i = 0; i < option_size; i++)
+ snprintf(text + i*3, sizeof(text) - i*3,
+ " %2.2x", opts[i]);
+ fatal("Connection from %.100s port %d with IP options:%.800s",
+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
2009-09-01 18:51:41 +00:00
+ }
+ } while (i < option_size);
}
return;
2009-09-01 18:51:41 +00:00
#endif /* IP_OPTIONS */