From: djm
Date: Sat, 5 Nov 2005 04:13:24 +0000 (+0000)
Subject: - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
X-Git-Tag: V_4_3_P1~180
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/3a85986d3f277a68ff96095e452fdb6b93656cb6
 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 [canohost.c sshd.c] Check for connections with IP options earlier and drop silently. ok djm@
---
diff --git a/ChangeLog b/ChangeLog
index 2a8a0bd3..95556c53 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -65,6 +65,9 @@
 - djm@cvs.openbsd.org 2005/10/30 04:03:24
 [ssh.c]
 fix misleading debug message; ok dtucker@
+ - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
+ [canohost.c sshd.c]
+ Check for connections with IP options earlier and drop silently. ok djm@
 
 20051102
 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
diff --git a/canohost.c b/canohost.c
index 0c4d36ff..66867c10 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.45 2005/10/03 07:44:42 dtucker Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.46 2005/10/30 08:29:29 dtucker Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -158,9 +158,7 @@ check_ip_options(int sock, char *ipaddr)
 for (i = 0; i < option_size; i++)
 snprintf(text + i*3, sizeof(text) - i*3,
 " %2.2x", options[i]);
- logit("Connection from %.100s with IP options:%.800s",
- ipaddr, text);
- packet_disconnect("Connection from %.100s with IP options:%.800s",
+ fatal("Connection from %.100s with IP options:%.800s",
 ipaddr, text);
 }
 #endif /* IP_OPTIONS */
diff --git a/sshd.c b/sshd.c
index c4d66e2f..4b5f89e2 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $");
 
 #include
 #include
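Review bot: In the check_ip_options hunk of canohost.c, the new `fatal(...)` call carries no comment saying why the process now exits instead of calling `packet_disconnect(...)`, and that choice is the security-relevant part of the change: nothing is sent back to a peer that set IP options, and the only trace left is the local log line. I would add above it `/* fatal(), not packet_disconnect(): log locally and exit without sending the peer anything. */`. The message text is unchanged, so log rules that match "with IP options" keep working, but the entry presumably now arrives at fatal severity rather than at logit's level, which matters to anyone filtering by level. The function starts before the hunk, so the declared sizes of `text` and `options` that bound the `snprintf` loop are not visible here.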
@@ -1651,7 +1651,12 @@ main(int ac, char **av)
 debug("get_remote_port failed");
 cleanup_exit(255);
 }
- remote_ip = get_remote_ipaddr();
+
+ /*
+ * We use get_canonical_hostname with usedns = 0 instead of
+ * get_remote_ipaddr here so IP options will be checked.
+ */
+ remote_ip = get_canonical_hostname(0);
 
 #ifdef SSH_AUDIT_EVENTS
 audit_connection_from(remote_ip, remote_port);
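Review bot: A connection carrying IP options is now terminated inside `get_canonical_hostname(0)` (through the `fatal()` this commit introduces in canohost.c), which is before `audit_connection_from(remote_ip, remote_port)` runs, so under SSH_AUDIT_EVENTS such connections appear to produce no connection audit record and leave only the fatal log line. The new comment should say so, for example by adding the line `* A connection with IP options exits here, before audit_connection_from().` to the block. The check is also a side effect of a lookup helper, so a later change to that helper could drop it without any visible change at this call site; a direct call to the check would be sturdier. Separately, get_canonical_hostname is not shown here: if its return value is a cache that a later call with a different usedns can replace, `remote_ip` should be copied rather than held. main()'s body continues outside the hunk.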