Re-introduce bad_port_check(), which upstream dropped between 2.3.13 and 2.3.14

for it having been "rather antiquated for years", with no justification given

for that claim.

--- xinetd-2.3.15/xinetd/builtins.c	2012-05-09 17:40:29.000000000 +0200

+++ xinetd-2.3.15.new/xinetd/builtins.c	2012-05-14 10:25:00.431529805 +0200

@@ -52,6 +52,7 @@ static void dgram_daytime(const struct s

 static void stream_chargen(const struct server *) ;

 static void dgram_chargen(const struct server *) ;

 static void tcpmux_handler(const struct server *) ;

+static int bad_port_check(const union xsockaddr *, const char *);

 /*

  * SG - This is the call sequence to get to a built-in service

@@ -163,6 +164,25 @@ static void stream_echo( const struct se

       Sclose(descriptor);

 }

+/* For internal UDP services, make sure we don't respond to our ports

+ * on other servers and to low ports of other services (such as DNS).

+ * This can cause looping.

+ */

+static int bad_port_check( const union xsockaddr *sa, const char *func )

+{

+   uint16_t port = 0;

+

+   port = ntohs( xaddrport( sa ) );

+

+   if ( port < 1024 ) {

+      msg(LOG_WARNING, func,

+         "Possible Denial of Service attack from %s %d", xaddrname(sa), port);

+      return (-1);

+   }

+

+   return (0);

+}

+

 static void dgram_echo( const struct server *serp )

 {

    char            buf[ DATAGRAM_SIZE ] ;

@@ -170,6 +190,7 @@ static void dgram_echo( const struct ser

    ssize_t             cc ;

    socklen_t       sin_len = 0;

    int             descriptor = SERVER_FD( serp ) ;

+   const char      *func = "dgram_echo" ;

    if( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )

       sin_len = sizeof( struct sockaddr_in );

@@ -178,6 +199,7 @@ static void dgram_echo( const struct ser

    cc = recvfrom( descriptor, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len ) ;

    if ( cc != (ssize_t)-1 ) {

+      if( bad_port_check(&lsin, func) != 0 ) return;

       (void) sendto( descriptor, buf, (size_t)cc, 0, SA( &lsin ), sizeof( lsin ) ) ;

    }

 }

@@ -292,6 +314,7 @@ static void dgram_daytime( const struct

    unsigned int    buflen      = sizeof( time_buf ) ;

    int             descriptor  = SERVER_FD( serp ) ;

    ssize_t         val;

+   const char      *func = "dgram_daytime" ;

    if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) 

       sin_len = sizeof( struct sockaddr_in );

@@ -303,6 +326,8 @@ static void dgram_daytime( const struct

    if ( val == (ssize_t)-1 )

       return ;

+   if( bad_port_check(&lsin, func) != 0 ) return;

+

    daytime_protocol( time_buf, &buflen ) ;

    (void) sendto( descriptor, time_buf, buflen, 0, SA(&lsin), sizeof( lsin ) ) ;

@@ -359,6 +384,7 @@ static void dgram_time( const struct ser

    socklen_t       sin_len = 0 ;

    int             fd      = SERVER_FD( serp ) ;

    ssize_t         val;

+   const char      *func = "dgram_time" ;

    if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) 

       sin_len = sizeof( struct sockaddr_in );

@@ -368,6 +394,7 @@ static void dgram_time( const struct ser

    val = recvfrom( fd, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len );

    if ( val == (ssize_t)-1 )

       return ;

+   if( bad_port_check(&lsin, func) != 0 ) return;

    time_protocol( time_buf ) ;

    (void) sendto( fd, (char *) time_buf, 4, 0, SA( &lsin ), sin_len ) ;

@@ -466,6 +493,7 @@ static void dgram_chargen( const struct

    int             fd      = SERVER_FD( serp ) ;

    unsigned int    left    = sizeof( buf ) ;

    ssize_t         val;

+   const char      *func = "dgram_chargen" ;

    if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) 

       sin_len = sizeof( struct sockaddr_in );

@@ -480,6 +508,8 @@ static void dgram_chargen( const struct

    bad_variable = 1 ;      /* this will cause a compilation error */

 #endif

+   if( bad_port_check(&lsin, func) != 0 ) return;

+

    for ( p = buf ; left > 2 ; left -= len, p += len )

    {

       len = min( LINE_LENGTH+2, left ) ;