Include upstream patch to prevent potential DOS with two RX servers

diff --git a/debian/patch.003_rx_packet_client_only b/debian/patch.003_rx_packet_client_only
new file mode 100644 (file)
index 0000000..209af33
--- /dev/null
+++ b/debian/patch.003_rx_packet_client_only
@@ -0,0 +1,59 @@
+Index: src/rx/rx_packet.c
+===================================================================
+RCS file: /cvs/openafs/src/rx/rx_packet.c,v
+retrieving revision 1.9
+retrieving revision 1.10
+diff -u -r1.9 -r1.10
+--- src/rx/rx_packet.c 2001/07/12 19:58:56     1.9
++++ src/rx/rx_packet.c 2001/07/20 15:59:43     1.10
+@@ -1112,6 +1112,17 @@
+     afs_int32 tl;
+     struct rx_serverQueueEntry *np, *nqe;
+ 
++    /*
++     * Only respond to client-initiated Rx debug packets,
++     * and clear the client flag in the response.
++     */
++    if (ap->header.flags & RX_CLIENT_INITIATED) {
++      ap->header.flags = ap->header.flags & ~RX_CLIENT_INITIATED;
++      rxi_EncodePacketHeader(ap);
++    } else {
++      return ap;
++    }
++
+     rx_packetread(ap, 0, sizeof(struct rx_debugIn), (char *)&tin);
+     /* all done with packet, now set length to the truth, so we can 
+      * reuse this packet */
+@@ -1384,13 +1395,27 @@
+   register struct rx_packet *ap;
+   int istack;
+ {
+-  afs_int32 tl;
+-      rx_packetwrite(ap, 0, 65, cml_version_number+4);
+-        tl = ap->length;
++    afs_int32 tl;
++
++    /*
++     * Only respond to client-initiated version requests, and
++     * clear that flag in the response.
++     */
++    if (ap->header.flags & RX_CLIENT_INITIATED) {
++      char buf[66];
++
++      ap->header.flags = ap->header.flags & ~RX_CLIENT_INITIATED;
++      rxi_EncodePacketHeader(ap);
++      bzero(buf, sizeof(buf));
++      snprintf(buf, sizeof(buf), "%s", cml_version_number+4);
++      rx_packetwrite(ap, 0, 65, buf);
++      tl = ap->length;
+       ap->length = 65;
+       rxi_SendDebugPacket(ap, asocket, ahost, aport, istack);
+-        ap->length = tl;
+-      return ap;
++      ap->length = tl;
++    }
++
++    return ap;
+ }
+ 
+ 

diff --git a/src/rx/rx_packet.c b/src/rx/rx_packet.c
index a732f4ace2e6f0c63f211d1543dcd6605461edf9..faaccc136714c25f406c3416fe67a07f7971acef 100644 (file)
--- a/src/rx/rx_packet.c
+++ b/src/rx/rx_packet.c
@@ -14,7 +14,7 @@
 #include <afs/param.h>
 #endif
 
-RCSID("$Header: /tmp/cvstemp/openafs/src/rx/rx_packet.c,v 1.1.1.5 2001/07/14 22:23:29 hartmans Exp $");
+RCSID("$Header: /tmp/cvstemp/openafs/src/rx/rx_packet.c,v 1.2 2001/07/21 12:51:39 hartmans Exp $");
 
 #ifdef KERNEL
 #if defined(UKERNEL)
@@ -1112,6 +1112,17 @@ struct rx_packet *rxi_ReceiveDebugPacket(ap, asocket, ahost, aport, istack)
     afs_int32 tl;
     struct rx_serverQueueEntry *np, *nqe;
 
+    /*
+     * Only respond to client-initiated Rx debug packets,
+     * and clear the client flag in the response.
+     */
+    if (ap->header.flags & RX_CLIENT_INITIATED) {
+       ap->header.flags = ap->header.flags & ~RX_CLIENT_INITIATED;
+       rxi_EncodePacketHeader(ap);
+    } else {
+       return ap;
+    }
+
     rx_packetread(ap, 0, sizeof(struct rx_debugIn), (char *)&tin);
     /* all done with packet, now set length to the truth, so we can 
      * reuse this packet */
@@ -1384,13 +1395,27 @@ struct rx_packet *rxi_ReceiveVersionPacket(ap, asocket, ahost, aport, istack)
   register struct rx_packet *ap;
   int istack;
 {
-  afs_int32 tl;
-       rx_packetwrite(ap, 0, 65, cml_version_number+4);
-        tl = ap->length;
+    afs_int32 tl;
+
+    /*
+     * Only respond to client-initiated version requests, and
+     * clear that flag in the response.
+     */
+    if (ap->header.flags & RX_CLIENT_INITIATED) {
+       char buf[66];
+
+       ap->header.flags = ap->header.flags & ~RX_CLIENT_INITIATED;
+       rxi_EncodePacketHeader(ap);
+       bzero(buf, sizeof(buf));
+       snprintf(buf, sizeof(buf), "%s", cml_version_number+4);
+       rx_packetwrite(ap, 0, 65, buf);
+       tl = ap->length;
        ap->length = 65;
        rxi_SendDebugPacket(ap, asocket, ahost, aport, istack);
-        ap->length = tl;
-       return ap;
+       ap->length = tl;
+    }
+
+    return ap;
 }