From b98c263379d9cf3fe2b79c950bdd98c197e78d2d Mon Sep 17 00:00:00 2001
From: itojun <itojun@NetBSD.org>
Date: Fri, 27 Aug 1999 16:06:17 +0000
Subject: [PATCH] resolve conflicts on upgrade (to 7.6).

---
 lib/libwrap/fix_options.c  | 72 ++++++++++++++++++++++++++++++++++----
 lib/libwrap/hosts_access.c |  9 ++---
 lib/libwrap/socket.c       | 14 ++++----
 3 files changed, 77 insertions(+), 18 deletions(-)

diff --git a/lib/libwrap/fix_options.c b/lib/libwrap/fix_options.c
index ea068028da60..91d111d7edb2 100644
--- a/lib/libwrap/fix_options.c
+++ b/lib/libwrap/fix_options.c
@@ -1,8 +1,8 @@
-/*	$NetBSD: fix_options.c,v 1.3 1997/10/09 21:20:26 christos Exp $	*/
+/*	$NetBSD: fix_options.c,v 1.4 1999/08/27 16:06:17 itojun Exp $	*/
 
  /*
   * Routine to disable IP-level socket options. This code was taken from 4.4BSD
-  * rlogind source, but all mistakes in it are my fault.
+  * rlogind and kernel source, but all mistakes in it are my fault.
   *
   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
   */
@@ -10,9 +10,9 @@
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
-static char sccsid[] = "@(#) fix_options.c 1.3 94/12/28 17:42:22";
+static char sccsid[] = "@(#) fix_options.c 1.6 97/04/08 02:29:19";
 #else
-__RCSID("$NetBSD: fix_options.c,v 1.3 1997/10/09 21:20:26 christos Exp $");
+__RCSID("$NetBSD: fix_options.c,v 1.4 1999/08/27 16:06:17 itojun Exp $");
 #endif
 #endif
 
@@ -20,13 +20,23 @@ __RCSID("$NetBSD: fix_options.c,v 1.3 1997/10/09 21:20:26 christos Exp $");
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <syslog.h>
 #include <stdlib.h>
 #include <unistd.h>
+
+#ifndef IPOPT_OPTVAL
+#define IPOPT_OPTVAL	0
+#define IPOPT_OLEN	1
+#endif
+
 #include "tcpd.h"
 
+#define BUFFER_SIZE	512		/* Was: BUFSIZ */
+
 /* fix_options - get rid of IP-level socket options */
 
 void
@@ -34,12 +44,15 @@ fix_options(request)
 struct request_info *request;
 {
 #ifdef IP_OPTIONS
-    unsigned char optbuf[BUFSIZ / 3], *cp;
-    char    lbuf[BUFSIZ], *lp;
+    unsigned char optbuf[BUFFER_SIZE / 3], *cp;
+    char    lbuf[BUFFER_SIZE], *lp;
     int     optsize = sizeof(optbuf), ipproto;
     struct protoent *ip;
     int     fd = request->fd;
     int     len = sizeof lbuf;
+    unsigned int opt;
+    int     optlen;
+    struct in_addr dummy;
 
     if ((ip = getprotobyname("ip")) != 0)
 	ipproto = ip->p_proto;
@@ -48,6 +61,51 @@ struct request_info *request;
 
     if (getsockopt(fd, ipproto, IP_OPTIONS, (char *) optbuf, &optsize) == 0
 	&& optsize != 0) {
+
+	/*
+	 * Horror! 4.[34] BSD getsockopt() prepends the first-hop destination
+	 * address to the result IP options list when source routing options
+	 * are present (see <netinet/ip_var.h>), but produces no output for
+	 * other IP options. Solaris 2.x getsockopt() does produce output for
+	 * non-routing IP options, and uses the same format as BSD even when
+	 * the space for the destination address is unused. The code below
+	 * does the right thing with 4.[34]BSD derivatives and Solaris 2, but
+	 * may occasionally miss source routing options on incompatible
+	 * systems such as Linux. Their choice.
+	 * 
+	 * Look for source routing options. Drop the connection when one is
+	 * found. Just wiping the IP options is insufficient: we would still
+	 * help the attacker by providing a real TCP sequence number, and the
+	 * attacker would still be able to send packets (blind spoofing). I
+	 * discussed this attack with Niels Provos, half a year before the
+	 * attack was described in open mailing lists.
+	 * 
+	 * It would be cleaner to just return a yes/no reply and let the caller
+	 * decide how to deal with it. Resident servers should not terminate.
+	 * However I am not prepared to make changes to internal interfaces
+	 * on short notice.
+	 */
+#define ADDR_LEN sizeof(dummy.s_addr)
+
+	for (cp = optbuf + ADDR_LEN; cp < optbuf + optsize; cp += optlen) {
+	    opt = cp[IPOPT_OPTVAL];
+	    if (opt == IPOPT_LSRR || opt == IPOPT_SSRR) {
+		syslog(LOG_WARNING,
+		   "refused connect from %s with IP source routing options",
+		       eval_client(request));
+		shutdown(fd, 2);
+		return;
+	    }
+	    if (opt == IPOPT_EOL)
+		break;
+	    if (opt == IPOPT_NOP) {
+		optlen = 1;
+	    } else {
+		optlen = cp[IPOPT_OLEN];
+		if (optlen <= 0)		/* Do not loop! */
+		    break;
+	    }
+	}
 	lp = lbuf;
 	for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
 	    len -= snprintf(lp, len, " %2.2x", *cp);
@@ -56,7 +114,7 @@ struct request_info *request;
 	       eval_client(request), lbuf);
 	if (setsockopt(fd, ipproto, IP_OPTIONS, (char *) 0, optsize) != 0) {
 	    syslog(LOG_ERR, "setsockopt IP_OPTIONS NULL: %m");
-	    clean_exit(request);
+	    shutdown(fd, 2);
 	}
     }
 #endif
diff --git a/lib/libwrap/hosts_access.c b/lib/libwrap/hosts_access.c
index f3b2cc764561..f6725a73a5bb 100644
--- a/lib/libwrap/hosts_access.c
+++ b/lib/libwrap/hosts_access.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: hosts_access.c,v 1.8 1999/07/03 12:30:41 simonb Exp $	*/
+/*	$NetBSD: hosts_access.c,v 1.9 1999/08/27 16:06:17 itojun Exp $	*/
 
  /*
   * This module implements a simple access control language that is based on
@@ -22,9 +22,9 @@
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
-static char sccsid[] = "@(#) hosts_access.c 1.20 96/02/11 17:01:27";
+static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
 #else
-__RCSID("$NetBSD: hosts_access.c,v 1.8 1999/07/03 12:30:41 simonb Exp $");
+__RCSID("$NetBSD: hosts_access.c,v 1.9 1999/08/27 16:06:17 itojun Exp $");
 #endif
 #endif
 
@@ -125,7 +125,8 @@ struct request_info *request;
 
     if (resident <= 0)
 	resident++;
-    if ((verdict = setjmp(tcpd_buf)) != 0)
+    verdict = setjmp(tcpd_buf);
+    if (verdict != 0)
 	return (verdict == AC_PERMIT);
     if (table_match(hosts_allow_table, request))
 	return (YES);
diff --git a/lib/libwrap/socket.c b/lib/libwrap/socket.c
index 097ad09eff7c..a69a6518ce82 100644
--- a/lib/libwrap/socket.c
+++ b/lib/libwrap/socket.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: socket.c,v 1.5 1999/07/03 12:30:42 simonb Exp $	*/
+/*	$NetBSD: socket.c,v 1.6 1999/08/27 16:06:17 itojun Exp $	*/
 
  /*
   * This module determines the type of socket (datagram, stream), the client
@@ -20,9 +20,9 @@
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
-static char sccsid[] = "@(#) socket.c 1.14 95/01/30 19:51:50";
+static char sccsid[] = "@(#) socket.c 1.15 97/03/21 19:27:24";
 #else
-__RCSID("$NetBSD: socket.c,v 1.5 1999/07/03 12:30:42 simonb Exp $");
+__RCSID("$NetBSD: socket.c,v 1.6 1999/08/27 16:06:17 itojun Exp $");
 #endif
 #endif
 
@@ -192,8 +192,8 @@ struct host_info *host;
 	     * problem. It could also be that someone is trying to spoof us.
 	     */
 
-	    tcpd_warn("host name/name mismatch: %s != %s",
-		      host->name, hp->h_name);
+	    tcpd_warn("host name/name mismatch: %s != %.*s",
+		      host->name, STRING_LENGTH, hp->h_name);
 
 	} else {
 
@@ -217,8 +217,8 @@ struct host_info *host;
 	     * server.
 	     */
 
-	    tcpd_warn("host name/address mismatch: %s != %s",
-		      inet_ntoa(sin->sin_addr), hp->h_name);
+	    tcpd_warn("host name/address mismatch: %s != %.*s",
+		      inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
 	}
 	/* name is bad, clobber it */
 	(void)strncpy(host->name, paranoid, sizeof(host->name) - 1);