/ Power Hacker 2003 / Power_Hacker_2003.iso / Exploit and vulnerability / w00w00 / patches / don_lewis_tcp.diff next >
Text File  |  2000-01-25  |  7.3 KB  |  202 lines

  1. *** tcp_input.c.orig    Fri Jan 21 09:04:37 2000
  2. --- tcp_input.c Sat Jan 22 03:40:05 2000
  3. ***************
  4. *** 381,386 ****
  5. --- 381,387 ----
  6.         struct tcpopt to;               /* options in this segment */
  7.         struct rmxp_tao *taop;          /* pointer to our TAO cache entry */
  8.         struct rmxp_tao tao_noncached;  /* in case there's no cached entry */
  9. +       int wildcard = 0;
  10.   #ifdef TCPDEBUG
  11.         short ostate = 0;
  12.   #endif
  13. ***************
  14. *** 511,518 ****
  15.         drop_hdrlen = off0 + off;
  16.   
  17.         /*
  18. !       * Locate pcb for segment.
  19.         */
  20.   findpcb:
  21.   #ifdef IPFIREWALL_FORWARD
  22.         if (ip_fw_fwd_addr != NULL
  23. --- 512,528 ----
  24.         drop_hdrlen = off0 + off;
  25.   
  26.         /*
  27. !       * Locate pcb for segment.  If this is not a SYN segment, don't
  28. !       * bother searching for the pcb of a listening socket with a
  29. !       * wildcard address.
  30. !       *
  31. !       * Checking TH_RST isn't strictly necessary here, but it doesn't
  32. !       * cost anything, saves a hash lookup, takes a shorter path to
  33. !       * dropwithreset (which will drop the packet), and allows a test
  34. !       * to be removed from the TCPS_LISTEN case.
  35.         */
  36. +       if ((thflags & (TH_ACK|TH_SYN|TH_RST)) == TH_SYN)
  37. +               wildcard = 1;
  38.   findpcb:
  39.   #ifdef IPFIREWALL_FORWARD
  40.         if (ip_fw_fwd_addr != NULL
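Review bot: The new comment says the wildcard lookup is skipped when "this is not a SYN segment", but the test `(thflags & (TH_ACK|TH_SYN|TH_RST)) == TH_SYN` is both stricter and looser than that: SYN|ACK and SYN|RST are excluded, while SYN combined with FIN, PSH or URG still sets `wildcard = 1`. If leaving TH_FIN out of the mask is deliberate (the file carries TAO state, so SYN|FIN may be legitimate here), the comment should say so, e.g. `* Only a SYN without ACK or RST may match a listening socket; FIN is deliberately not tested.` The flag is computed once before `findpcb:`, so any later `goto findpcb` reuses the same value, which deserves a short note next to the label. The two following hunks (`--- 543,554 ----` and `--- 559,570 ----`) only substitute `wildcard` for the literal `1` in every lookup and need no separate comment. The enclosing function starts and ends outside this hunk.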
  41. ***************
  42. *** 533,544 ****
  43.                         if (!ip_fw_fwd_addr->sin_port) {
  44.                                 inp = in_pcblookup_hash(&tcbinfo, ip->ip_src,
  45.                                     th->th_sport, ip_fw_fwd_addr->sin_addr,
  46. !                                   th->th_dport, 1, m->m_pkthdr.rcvif);
  47.                         } else {
  48.                                 inp = in_pcblookup_hash(&tcbinfo,
  49.                                     ip->ip_src, th->th_sport,
  50.                                     ip_fw_fwd_addr->sin_addr,
  51. !                                   ntohs(ip_fw_fwd_addr->sin_port), 1,
  52.                                     m->m_pkthdr.rcvif);
  53.                         }
  54.                 }
  55. --- 543,554 ----
  56.                         if (!ip_fw_fwd_addr->sin_port) {
  57.                                 inp = in_pcblookup_hash(&tcbinfo, ip->ip_src,
  58.                                     th->th_sport, ip_fw_fwd_addr->sin_addr,
  59. !                                   th->th_dport, wildcard, m->m_pkthdr.rcvif);
  60.                         } else {
  61.                                 inp = in_pcblookup_hash(&tcbinfo,
  62.                                     ip->ip_src, th->th_sport,
  63.                                     ip_fw_fwd_addr->sin_addr,
  64. !                                   ntohs(ip_fw_fwd_addr->sin_port), wildcard,
  65.                                     m->m_pkthdr.rcvif);
  66.                         }
  67.                 }
  68. ***************
  69. *** 549,560 ****
  70.   #ifdef INET6
  71.         if (isipv6)
  72.                 inp = in6_pcblookup_hash(&tcbinfo, &ip6->ip6_src, th->th_sport,
  73. !                                       &ip6->ip6_dst, th->th_dport, 1,
  74.                                         m->m_pkthdr.rcvif);
  75.         else
  76.   #endif /* INET6 */
  77.         inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport,
  78. !           ip->ip_dst, th->th_dport, 1, m->m_pkthdr.rcvif);
  79.         }
  80.   
  81.   #ifdef IPSEC
  82. --- 559,570 ----
  83.   #ifdef INET6
  84.         if (isipv6)
  85.                 inp = in6_pcblookup_hash(&tcbinfo, &ip6->ip6_src, th->th_sport,
  86. !                                       &ip6->ip6_dst, th->th_dport, wildcard,
  87.                                         m->m_pkthdr.rcvif);
  88.         else
  89.   #endif /* INET6 */
  90.         inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport,
  91. !           ip->ip_dst, th->th_dport, wildcard, m->m_pkthdr.rcvif);
  92.         }
  93.   
  94.   #ifdef IPSEC
  95. ***************
  96. *** 615,624 ****
  97.                                 break;
  98.                         }
  99.                 }
  100. - #ifdef ICMP_BANDLIM
  101. -               if (badport_bandlim(1) < 0)
  102. -                       goto drop;
  103. - #endif
  104.                 if (blackhole) { 
  105.                         switch (blackhole) {
  106.                         case 1:
  107. --- 625,630 ----
  108. ***************
  109. *** 996,1001 ****
  110. --- 1002,1013 ----
  111.                 register struct sockaddr_in6 *sin6;
  112.   #endif
  113.   
  114. +               /*
  115. +               * XXX - the following three tests should no longer be
  116. +               * necessary because of the "wildcard" test added
  117. +               * above.  These should probably be changed to assertions
  118. +               * until the code is thoroughly shaked out.
  119. +               */
  120.                 if (thflags & TH_RST)
  121.                         goto drop;
  122.                 if (thflags & TH_ACK)
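Review bot: Following the XXX comment's advice and turning these tests into assertions would remove the only runtime check keeping RST and ACK segments out of listen-state processing, on any kernel built with assertions compiled out. Until the wildcard gating has been verified on every lookup path (the IPFIREWALL_FORWARD and INET6 lookups included), the comment should recommend keeping them as ordinary tests, e.g. `* XXX - the wildcard test before findpcb should make the following tests redundant; keep them as runtime checks until that is verified.` "above" points at code roughly 480 lines earlier, so naming the `wildcard` computation before `findpcb:` makes the reference findable. "shaked out" should read "shaken out". Only two of the three tests mentioned are visible; the third lies outside the hunk.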
  123. ***************
  124. *** 1017,1032 ****
  125.                 * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
  126.                 * in_broadcast() should never return true on a received
  127.                 * packet with M_BCAST not set.
  128.                 */
  129.                 if (m->m_flags & (M_BCAST|M_MCAST))
  130.                         goto drop;
  131.   #ifdef INET6
  132.                 if (isipv6) {
  133. !                       if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
  134.                                 goto drop;
  135.                 } else
  136.   #endif
  137. !               if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)))
  138.                         goto drop;
  139.   #ifdef INET6
  140.                 if (isipv6) {
  141. --- 1029,1050 ----
  142.                 * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
  143.                 * in_broadcast() should never return true on a received
  144.                 * packet with M_BCAST not set.
  145. +               *
  146. +               * Packets with a multicast source address should also
  147. +               * be discarded.
  148.                 */
  149.                 if (m->m_flags & (M_BCAST|M_MCAST))
  150.                         goto drop;
  151.   #ifdef INET6
  152.                 if (isipv6) {
  153. !                       if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
  154. !                           IN6_IS_ADDR_MULTICAST(&ip6->ip6_src))
  155.                                 goto drop;
  156.                 } else
  157.   #endif
  158. !               if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
  159. !                   IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
  160. !                   IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)))
  161.                         goto drop;
  162.   #ifdef INET6
  163.                 if (isipv6) {
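Review bot: The extended comment mentions only multicast source addresses, but the new IPv4 condition also drops sources matching `IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr))`, and the IPv6 branch has no equivalent extra test. The comment should state both cases, e.g. `* Packets with a multicast or experimental (class E) source address should also be discarded.`, and say whether the IPv4/IPv6 difference is intended. The same three-term IPv4 test and two-term IPv6 test are repeated verbatim in the `--- 2235,2254 ----` hunk; a small shared macro or static helper would stop the two source-address filters from drifting apart when one is later tightened. The case body continues outside the hunk.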
  164. ***************
  165. *** 2217,2229 ****
  166.                 goto drop;
  167.   #ifdef INET6
  168.         if (isipv6) {
  169. !               if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
  170.                         goto drop;
  171.         } else
  172.   #endif /* INET6 */
  173. !       if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)))
  174.                 goto drop;
  175.         /* IPv6 anycast check is done at tcp6_input() */
  176.   #ifdef TCPDEBUG
  177.         if (tp == 0 || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
  178.                 tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
  179. --- 2235,2254 ----
  180.                 goto drop;
  181.   #ifdef INET6
  182.         if (isipv6) {
  183. !               if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
  184. !                   IN6_IS_ADDR_MULTICAST(&ip6->ip6_src))
  185.                         goto drop;
  186.         } else
  187.   #endif /* INET6 */
  188. !       if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
  189. !           IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
  190. !           IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)))
  191.                 goto drop;
  192.         /* IPv6 anycast check is done at tcp6_input() */
  193. + #ifdef ICMP_BANDLIM
  194. +       if (badport_bandlim(1) < 0)
  195. +               goto drop;
  196. + #endif
  197.   #ifdef TCPDEBUG
  198.         if (tp == 0 || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
  199.                 tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
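Review bot: The relocated `badport_bandlim(1)` check carries no comment explaining its wider scope: it now appears to throttle every reset this path generates, not only the no-matching-pcb case it was removed from in the `*** 615,624 ****` hunk. Under a flood, resets owed to legitimate peers will therefore be suppressed along with the rest. That trade-off should be recorded where the check lives, e.g. `/* Rate-limit all RSTs we send, not just those for closed ports. */`. The literal `1` is an undocumented selector; a named constant or a trailing comment on what class of response it counts would help the next reader. Placing the limiter after the source and destination address tests looks right, since segments dropped for a bad address then never consume the budget. The label and the first condition of this block are outside the hunk, so the above assumes this is the reset-generation path.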
  200.  
  201.  
  202.