mirror of
https://abf.rosa.ru/djam/openssh.git
synced 2025-02-23 17:52:57 +00:00
39 lines
1.2 KiB
Diff
39 lines
1.2 KiB
Diff
diff -ur openssh-9.5p1/sshd.c openssh-9.5p1_patched/sshd.c
|
|
--- openssh-9.5p1/sshd.c 2023-11-06 14:04:09.310023601 +0300
|
|
+++ openssh-9.5p1_patched/sshd.c 2023-11-06 14:23:27.146390847 +0300
|
|
@@ -1429,12 +1429,29 @@
|
|
|
|
if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
|
|
&option_size) >= 0 && option_size != 0) {
|
|
- text[0] = '\0';
|
|
- for (i = 0; i < option_size; i++)
|
|
- snprintf(text + i*3, sizeof(text) - i*3,
|
|
- " %2.2x", opts[i]);
|
|
- fatal("Connection from %.100s port %d with IP opts: %.800s",
|
|
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
|
|
+ i = 0;
|
|
+ do {
|
|
+ switch (opts[i]) {
|
|
+ case 0:
|
|
+ case 1:
|
|
+ ++i;
|
|
+ break;
|
|
+ case 130:
|
|
+ case 133:
|
|
+ case 134:
|
|
+ i += opts[i + 1];
|
|
+ break;
|
|
+ default:
|
|
+ /* Fail, fatally, if we detect either loose or strict
|
|
+ * source routing options. */
|
|
+ text[0] = '\0';
|
|
+ for (i = 0; i < option_size; i++)
|
|
+ snprintf(text + i*3, sizeof(text) - i*3,
|
|
+ " %2.2x", opts[i]);
|
|
+ fatal("Connection from %.100s port %d with IP options:%.800s",
|
|
+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
|
|
+ }
|
|
+ } while (i < option_size);
|
|
}
|
|
return;
|
|
#endif /* IP_OPTIONS */
|