vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Jakub Jelen 5878eb
diff -up openssh/sshd.c.ip-opts openssh/sshd.c
Jakub Jelen 5878eb
--- openssh/sshd.c.ip-opts	2016-07-25 13:58:48.998507834 +0200
Jakub Jelen 5878eb
+++ openssh/sshd.c	2016-07-25 14:01:28.346469878 +0200
Dmitry Belyavskiy f79c12
@@ -1507,12 +1507,32 @@ check_ip_options(struct ssh *ssh)
Jakub Jelen 5878eb
 
Jakub Jelen 5878eb
 	if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
Jan F. Chadima 49d0cf
 	    &option_size) >= 0 && option_size != 0) {
Jan F. Chadima 49d0cf
-		text[0] = '\0';
Jan F. Chadima 49d0cf
-		for (i = 0; i < option_size; i++)
Jan F. Chadima 49d0cf
-			snprintf(text + i*3, sizeof(text) - i*3,
Jakub Jelen 5878eb
-			    " %2.2x", opts[i]);
Jakub Jelen 5878eb
-		fatal("Connection from %.100s port %d with IP opts: %.800s",
Jakub Jelen 5878eb
-		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
Jan F. Chadima 49d0cf
+		i = 0;
Jan F. Chadima 49d0cf
+		do {
Jakub Jelen 5878eb
+			switch (opts[i]) {
Jan F. Chadima 49d0cf
+				case 0:
Jan F. Chadima 49d0cf
+				case 1:
Jan F. Chadima 49d0cf
+					++i;
Jan F. Chadima 49d0cf
+					break;
Petr Lautrbach 94c6f8
+				case 130:
Petr Lautrbach 94c6f8
+				case 133:
Petr Lautrbach 94c6f8
+				case 134:
Dmitry Belyavskiy f79c12
+					if (i + 1 < option_size && opts[i + 1] >= 2) {
Dmitry Belyavskiy f79c12
+						i += opts[i + 1];
Dmitry Belyavskiy f79c12
+						break;
Dmitry Belyavskiy f79c12
+					}
Dmitry Belyavskiy f79c12
+					/* FALLTHROUGH */
Petr Lautrbach 94c6f8
+				default:
Jan F. Chadima 49d0cf
+				/* Fail, fatally, if we detect either loose or strict
Dmitry Belyavskiy f79c12
+			 	 * or incorrect source routing options. */
Jan F. Chadima 49d0cf
+					text[0] = '\0';
Jan F. Chadima 49d0cf
+					for (i = 0; i < option_size; i++)
Jan F. Chadima 49d0cf
+						snprintf(text + i*3, sizeof(text) - i*3,
Jakub Jelen 5878eb
+							" %2.2x", opts[i]);
Jakub Jelen 5878eb
+					fatal("Connection from %.100s port %d with IP options:%.800s",
Jakub Jelen 5878eb
+						ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
Jan F. Chadima 49d0cf
+			}
Jan F. Chadima 49d0cf
+		} while (i < option_size);
Jan F. Chadima 49d0cf
 	}
Jakub Jelen 5878eb
 	return;
Jan F. Chadima 49d0cf
 #endif /* IP_OPTIONS */