From 25fdbea509cdc03414014c5bca9134cf6c78bd08 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Sat, 21 Jul 2001 12:51:39 +0000
Subject: [PATCH] Include upstream patch to prevent potential DOS with two RX servers

---
 debian/patch.003_rx_packet_client_only | 59 ++++++++++++++++++++++++++
 src/rx/rx_packet.c | 37 +++++++++++++---
 2 files changed, 90 insertions(+), 6 deletions(-)
 create mode 100644 debian/patch.003_rx_packet_client_only

diff --git a/debian/patch.003_rx_packet_client_only b/debian/patch.003_rx_packet_client_only
new file mode 100644
index 000000000..209af33d8
--- /dev/null
+++ b/debian/patch.003_rx_packet_client_only
@@ -0,0 +1,59 @@
+Index: src/rx/rx_packet.c
+===================================================================
+RCS file: /cvs/openafs/src/rx/rx_packet.c,v
+retrieving revision 1.9
+retrieving revision 1.10
+diff -u -r1.9 -r1.10
+--- src/rx/rx_packet.c 2001/07/12 19:58:56 1.9
++++ src/rx/rx_packet.c 2001/07/20 15:59:43 1.10
+@@ -1112,6 +1112,17 @@
+ afs_int32 tl;
+ struct rx_serverQueueEntry *np, *nqe;
+
++ /*
++ * Only respond to client-initiated Rx debug packets,
++ * and clear the client flag in the response.
++ */
++ if (ap->header.flags & RX_CLIENT_INITIATED) {
++ ap->header.flags = ap->header.flags & ~RX_CLIENT_INITIATED;
++ rxi_EncodePacketHeader(ap);
++ } else {
++ return ap;
++ }
++
+ rx_packetread(ap, 0, sizeof(struct rx_debugIn), (char *)&tin);
+ /* all done with packet, now set length to the truth, so we can
+ * reuse this packet */
+@@ -1384,13 +1395,27 @@
+ register struct rx_packet *ap;
+ int istack;
+ {
+- afs_int32 tl;
+- rx_packetwrite(ap, 0, 65, cml_version_number+4);
+- tl = ap->length;
++ afs_int32 tl;
++
++ /*
++ * Only respond to client-initiated version requests, and
++ * clear that flag in the response.
++ */
++ if (ap->header.flags & RX_CLIENT_INITIATED) {
++ char buf[66];
++
++ ap->header.flags = ap->header.flags & ~RX_CLIENT_INITIATED;
++ rxi_EncodePacketHeader(ap);
++ bzero(buf, sizeof(buf));
++ snprintf(buf, sizeof(buf), "%s", cml_version_number+4);
++ rx_packetwrite(ap, 0, 65, buf);
++ tl = ap->length;
+ ap->length = 65;
+ rxi_SendDebugPacket(ap, asocket, ahost, aport, istack);
+- ap->length = tl;
+- return ap;
++ ap->length = tl;
++ }
++
++ return ap;
+ }
+
+
diff --git a/src/rx/rx_packet.c b/src/rx/rx_packet.c
index a732f4ace..faaccc136 100644
--- a/src/rx/rx_packet.c
+++ b/src/rx/rx_packet.c
@@ -14,7 +14,7 @@
 #include
 #endif

-RCSID("$Header: /tmp/cvstemp/openafs/src/rx/rx_packet.c,v 1.1.1.5 2001/07/14 22:23:29 hartmans Exp $");
+RCSID("$Header: /tmp/cvstemp/openafs/src/rx/rx_packet.c,v 1.2 2001/07/21 12:51:39 hartmans Exp $");

 #ifdef KERNEL
 #if defined(UKERNEL)
@@ -1112,6 +1112,17 @@ struct rx_packet *rxi_ReceiveDebugPacket(ap, asocket, ahost, aport, istack)
 afs_int32 tl;
 struct rx_serverQueueEntry *np, *nqe;

+ /*
+ * Only respond to client-initiated Rx debug packets,
+ * and clear the client flag in the response.
+ */
+ if (ap->header.flags & RX_CLIENT_INITIATED) {
+ ap->header.flags = ap->header.flags & ~RX_CLIENT_INITIATED;
+ rxi_EncodePacketHeader(ap);
+ } else {
+ return ap;
+ }
+
 rx_packetread(ap, 0, sizeof(struct rx_debugIn), (char *)&tin);
 /* all done with packet, now set length to the truth, so we can
 * reuse this packet */
@@ -1384,13 +1395,27 @@ struct rx_packet *rxi_ReceiveVersionPacket(ap, asocket, ahost, aport, istack)
 register struct rx_packet *ap;
 int istack;
 {
- afs_int32 tl;
- rx_packetwrite(ap, 0, 65, cml_version_number+4);
- tl = ap->length;
+ afs_int32 tl;
+
+ /*
+ * Only respond to client-initiated version requests, and
+ * clear that flag in the response.
+ */
+ if (ap->header.flags & RX_CLIENT_INITIATED) {
+ char buf[66];
+
+ ap->header.flags = ap->header.flags & ~RX_CLIENT_INITIATED;
+ rxi_EncodePacketHeader(ap);
+ bzero(buf, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%s", cml_version_number+4);
+ rx_packetwrite(ap, 0, 65, buf);
+ tl = ap->length;
 ap->length = 65;
 rxi_SendDebugPacket(ap, asocket, ahost, aport, istack);
- ap->length = tl;
- return ap;
+ ap->length = tl;
+ }
+
+ return ap;
 }


-- 
2.39.5
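Review bot: The comment added at the top of rxi_ReceiveDebugPacket, and its twin in the rxi_ReceiveVersionPacket hunk, records what the check does but not why, and the reason is the part a maintainer needs before touching it. Judging by the commit subject, a reply that still carried RX_CLIENT_INITIATED could be answered in turn by a second Rx server, so the comment could read `/* A reply that kept RX_CLIENT_INITIATED set would be answered by a peer Rx server in turn, leaving two servers exchanging debug packets without end. */`. The flag update would also read more plainly as `ap->header.flags &= ~RX_CLIENT_INITIATED;`. The function body continues outside this hunk.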
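Review bot: The reply length in rxi_ReceiveVersionPacket is now spelled three ways, `char buf[66]`, the `65` passed to rx_packetwrite and the `65` in the unchanged `ap->length = 65;`, and nothing ties them together, so a later edit to one of them can silently break the bound the zero-filled buffer is there to enforce. Deriving the write length from the buffer, `rx_packetwrite(ap, 0, sizeof(buf) - 1, buf);`, keeps the copy inside `buf`, and a named constant shared with `ap->length` would be better still. A one-line comment should also say that `buf` is zeroed so the bytes after the version string go out as zeros, where the old call appears to have copied 65 bytes starting at `cml_version_number+4` whatever the string's length. Because this file has `#ifdef KERNEL` sections, it should be confirmed that snprintf is available in the kernel builds. The function's parameter declarations begin above the hunk.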