- djm@cvs.openbsd.org 2005/10/30 04:03:24
[ssh.c]
fix misleading debug message; ok dtucker@
+ - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
+ [canohost.c sshd.c]
+ Check for connections with IP options earlier and drop silently. ok djm@
20051102
- (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.45 2005/10/03 07:44:42 dtucker Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.46 2005/10/30 08:29:29 dtucker Exp $");
#include "packet.h"
#include "xmalloc.h"
for (i = 0; i < option_size; i++)
snprintf(text + i*3, sizeof(text) - i*3,
" %2.2x", options[i]);
- logit("Connection from %.100s with IP options:%.800s",
- ipaddr, text);
- packet_disconnect("Connection from %.100s with IP options:%.800s",
+ fatal("Connection from %.100s with IP options:%.800s",
ipaddr, text);
}
#endif /* IP_OPTIONS */
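Review bot: The new `fatal(...)` call has no comment saying that the switch away from `packet_disconnect()` is deliberate, so a later cleanup could restore the disconnect and start sending the option dump back to the peer again. Assuming `fatal()` only logs locally and exits (its definition is not in this hunk), I would add above it `/* fatal(), not packet_disconnect(): log on the server only, send nothing to the peer */`. The message still records `ipaddr` and the hex-encoded options, which is what an operator needs to spot these connection attempts in the server log. The enclosing function starts outside the hunk.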
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
debug("get_remote_port failed");
cleanup_exit(255);
}
- remote_ip = get_remote_ipaddr();
+
+ /*
+ * We use get_canonical_hostname with usedns = 0 instead of
+ * get_remote_ipaddr here so IP options will be checked.
+ */
+ remote_ip = get_canonical_hostname(0);
#ifdef SSH_AUDIT_EVENTS
audit_connection_from(remote_ip, remote_port);
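Review bot: The comment added above `remote_ip = get_canonical_hostname(0);` says the IP options get checked, but not that the call may never return or that the check is conditional. Going by the canohost.c change in this commit, a connection carrying IP options now ends in `fatal()` somewhere under that lookup, and the check sits inside `#ifdef IP_OPTIONS`, so a build without that define would check nothing on this line. Whether the lookup covers every address family is not visible here. I would extend the comment with `* The process exits inside this call if options are present; the check exists only where IP_OPTIONS is defined.` The surrounding function starts and ends outside the hunk.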