Re-introduce bad_port_check(), which upstream dropped between 2.3.13 and 2.3.14 for it having been "rather antiquated for years", with no justification given for that claim. --- xinetd-2.3.15/xinetd/builtins.c 2012-05-09 17:40:29.000000000 +0200 +++ xinetd-2.3.15.new/xinetd/builtins.c 2012-05-14 10:25:00.431529805 +0200 @@ -52,6 +52,7 @@ static void dgram_daytime(const struct s static void stream_chargen(const struct server *) ; static void dgram_chargen(const struct server *) ; static void tcpmux_handler(const struct server *) ; +static int bad_port_check(const union xsockaddr *, const char *); /* * SG - This is the call sequence to get to a built-in service @@ -163,6 +164,25 @@ static void stream_echo( const struct se Sclose(descriptor); } +/* For internal UDP services, make sure we don't respond to our ports + * on other servers and to low ports of other services (such as DNS). + * This can cause looping. + */ +static int bad_port_check( const union xsockaddr *sa, const char *func ) +{ + uint16_t port = 0; + + port = ntohs( xaddrport( sa ) ); + + if ( port < 1024 ) { + msg(LOG_WARNING, func, + "Possible Denial of Service attack from %s %d", xaddrname(sa), port); + return (-1); + } + + return (0); +} + static void dgram_echo( const struct server *serp ) { char buf[ DATAGRAM_SIZE ] ; @@ -170,6 +190,7 @@ static void dgram_echo( const struct ser ssize_t cc ; socklen_t sin_len = 0; int descriptor = SERVER_FD( serp ) ; + const char *func = "dgram_echo" ; if( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) sin_len = sizeof( struct sockaddr_in ); @@ -178,6 +199,7 @@ static void dgram_echo( const struct ser cc = recvfrom( descriptor, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len ) ; if ( cc != (ssize_t)-1 ) { + if( bad_port_check(&lsin, func) != 0 ) return; (void) sendto( descriptor, buf, (size_t)cc, 0, SA( &lsin ), sizeof( lsin ) ) ; } } @@ -292,6 +314,7 @@ static void dgram_daytime( const struct unsigned int buflen = sizeof( time_buf ) ; int descriptor = SERVER_FD( serp ) ; ssize_t val; + const char *func = "dgram_daytime" ; if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) sin_len = sizeof( struct sockaddr_in ); @@ -303,6 +326,8 @@ static void dgram_daytime( const struct if ( val == (ssize_t)-1 ) return ; + if( bad_port_check(&lsin, func) != 0 ) return; + daytime_protocol( time_buf, &buflen ) ; (void) sendto( descriptor, time_buf, buflen, 0, SA(&lsin), sizeof( lsin ) ) ; @@ -359,6 +384,7 @@ static void dgram_time( const struct ser socklen_t sin_len = 0 ; int fd = SERVER_FD( serp ) ; ssize_t val; + const char *func = "dgram_time" ; if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) sin_len = sizeof( struct sockaddr_in ); @@ -368,6 +394,7 @@ static void dgram_time( const struct ser val = recvfrom( fd, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len ); if ( val == (ssize_t)-1 ) return ; + if( bad_port_check(&lsin, func) != 0 ) return; time_protocol( time_buf ) ; (void) sendto( fd, (char *) time_buf, 4, 0, SA( &lsin ), sin_len ) ; @@ -466,6 +493,7 @@ static void dgram_chargen( const struct int fd = SERVER_FD( serp ) ; unsigned int left = sizeof( buf ) ; ssize_t val; + const char *func = "dgram_chargen" ; if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) sin_len = sizeof( struct sockaddr_in ); @@ -480,6 +508,8 @@ static void dgram_chargen( const struct bad_variable = 1 ; /* this will cause a compilation error */ #endif + if( bad_port_check(&lsin, func) != 0 ) return; + for ( p = buf ; left > 2 ; left -= len, p += len ) { len = min( LINE_LENGTH+2, left ) ;