if port 20 incoming, kill it and try again

author: deraadt <> 1996-08-05 00:34:46 +0000
committer: deraadt <> 1996-08-05 00:34:46 +0000
commit: 81c42da8eab8db75b274dfad67c774e1de33b4b7 (patch)
tree: 14aa888f865d3504dd69317cef248b178276d446 /src
parent: 0aaa4c311dfae93c402588aa9d940f94263dcf0c (diff)
download: openbsd-81c42da8eab8db75b274dfad67c774e1de33b4b7.tar.gz
openbsd-81c42da8eab8db75b274dfad67c774e1de33b4b7.tar.bz2
openbsd-81c42da8eab8db75b274dfad67c774e1de33b4b7.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c
index 643604f3b3..86f35664e4 100644
--- a/src/lib/libc/net/rcmd.c
+++ b/src/lib/libc/net/rcmd.c
@@ -153,6 +153,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                        (void)close(s2);
                        goto bad;
                }
+again:
                FD_ZERO(&reads);
                FD_SET(s, &reads);
                FD_SET(s2, &reads);
@@ -170,6 +171,14 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
                        goto bad;
                }
                s3 = accept(s2, (struct sockaddr *)&from, &len);
+                /*
+                 * XXX careful for ftp bounce attacks. If discovered, shut them
+                 * down and check for the real auxiliary channel to connect.
+                 */
+                if (from.sin_family == AF_INET && from.sin_port == htons(20)) {
+                        close(s3);
+                        goto again;
+                }
                (void)close(s2);
                if (s3 < 0) {
                        (void)fprintf(stderr,
author	deraadt <>	1996-08-05 00:34:46 +0000
committer	deraadt <>	1996-08-05 00:34:46 +0000
commit	81c42da8eab8db75b274dfad67c774e1de33b4b7 (patch)
tree	14aa888f865d3504dd69317cef248b178276d446 /src
parent	0aaa4c311dfae93c402588aa9d940f94263dcf0c (diff)
download	openbsd-81c42da8eab8db75b274dfad67c774e1de33b4b7.tar.gz openbsd-81c42da8eab8db75b274dfad67c774e1de33b4b7.tar.bz2 openbsd-81c42da8eab8db75b274dfad67c774e1de33b4b7.zip