gnustep/libs-base
0
0
Fork 0
mirror of https://github.com/gnustep/libs-base.git synced 2025-06-02 09:31:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' of github.com:gnustep/libs-base into NSFile_changes_branch

Browse source
This commit is contained in:
Gregory John Casamento 2019-09-18 13:37:30 -04:00
commit a0f63f7100
2 changed files with 30 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
ChangeLog
View file

@ -1,3 +1,15 @@
2019-09-16 Alan Jenkins <alan.christopher.jenkins@gmail.com>
* Tools/gdompa.c:
A couple of is_local_net() tests were wrong: they used "&&"
with masks, but that is the logical shortcut operator.
The correct bitwise operator is "&". The result was that
is_local_net() was always returning true!
Only allow local processes to send GDO_SERVERS requests.
This request is only useful locally. Do not allow remote
requests for the server list. Our response can be large,
so it would make a great UDP amplification attack.
2019-08-12 Richard Frith-Macdonald <rfm@gnu.org> 2019-08-12 Richard Frith-Macdonald <rfm@gnu.org>
* Source/GSSocketStream.m: Fix for hang when writing large https * Source/GSSocketStream.m: Fix for hang when writing large https

21
Tools/gdomap.c
View file

@ -419,7 +419,7 @@ is_local_net(struct in_addr a)
for (i = 0; i < interfaces; i++) for (i = 0; i < interfaces; i++)
{ {
if ((mask[i].s_addr && addr[i].s_addr) == (mask[i].s_addr && a.s_addr)) if ((mask[i].s_addr & addr[i].s_addr) == (mask[i].s_addr & a.s_addr))
{ {
return 1; return 1;
} }
@ -3100,6 +3100,21 @@ handle_request(int desc)
unsigned int i; unsigned int i;
unsigned int j; unsigned int j;
/*
* See if this is a request from a local process.
*
* This request is only useful locally. Do not allow remote
* requests for the server list. Our response can be large,
* so it would make a great UDP amplification attack.
*/
if (is_local_host(ri->addr.sin_addr) == 0)
{
snprintf(ebuf, sizeof(ebuf), "Illegal attempt to list servers!");
gdomap_log(LOG_ERR);
clear_chan(desc);
return;
}
free(wi->buf); free(wi->buf);
wi->buf = (char*)calloc(sizeof(uint32_t) wi->buf = (char*)calloc(sizeof(uint32_t)
+ (prb_used+1)*IASIZE, 1); + (prb_used+1)*IASIZE, 1);
@ -3260,8 +3275,8 @@ handle_request(int desc)
{ {
continue; continue;
} }
if ((mask[i].s_addr && addr[i].s_addr) == if ((mask[i].s_addr & addr[i].s_addr) ==
(mask[i].s_addr && ri->addr.sin_addr.s_addr)) (mask[i].s_addr & ri->addr.sin_addr.s_addr))
{ {
laddr = addr[i]; laddr = addr[i];
memcpy(wbuf, &laddr, IASIZE); memcpy(wbuf, &laddr, IASIZE);