If a user sends a packet which is smaller than WHDRSIZE, the code
will later hit a loop which will result in the service faulting.
A simple DoS where the server will be taken out, but something
that should be fixed :).
http://bugs.gentoo.org/show_bug.cgi?id=78371
--- rwhod/rwhod.c
+++ rwhod/rwhod.c
@@ -258,6 +258,10 @@
syslog(LOG_WARNING, "recv: %m");
continue;
}
+ if (cc < WHDRSIZE) {
+ syslog(LOG_WARNING, "packet too small");
+ continue;
+ }
if (from.sin_port != sp->s_port) {
syslog(LOG_WARNING, "%d: bad from port",
ntohs(from.sin_port));
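Review bot: The "packet too small" warning in the added `if (cc < WHDRSIZE)` branch records neither the sender nor the received length, and it runs before the source-port check, so any host that can reach the socket can fill the log with identical lines that cannot be attributed. Consider `syslog(LOG_WARNING, "packet too small (%d bytes) from %s", cc, inet_ntoa(from.sin_addr));` (assuming `cc` is an `int` and `<arpa/inet.h>` is included in this file), or move the length check below the port check so only datagrams from the expected port are logged. If `WHDRSIZE` is a `sizeof`-based expression, the comparison is unsigned, so the guard depends on the earlier `recv` error branch having already rejected a negative `cc`; a comment such as `/* cc > 0 here; reject datagrams shorter than the fixed header */` would record that. The enclosing receive loop starts and ends outside the hunk.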