ftpd.c (pass): Wait 5 seconds before returning "password
authorTheodore Tso <tytso@mit.edu>
Sat, 24 Oct 1998 00:25:41 +0000 (00:25 +0000)
committerTheodore Tso <tytso@mit.edu>
Sat, 24 Oct 1998 00:25:41 +0000 (00:25 +0000)
incorrect", and only allow three bad passwords.  Then
return an 421 reply code before closing the connection and
going away.

ftpcmd.y (cmd): Don't allow the PORT command to accept a port
number lower than 1024; this prevents some nasty ftp
"bounce attacks" to SMTP ports, etc.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10990 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/gssftp/ftpd/ChangeLog
src/appl/gssftp/ftpd/ftpcmd.y
src/appl/gssftp/ftpd/ftpd.c

index 400d4834df9875ddddd1697246a1cc9231d45010..92e0e9b5a2d957beedb3994a995766f3ab8e1693 100644 (file)
@@ -1,3 +1,14 @@
+Fri Oct 23 18:18:52 1998  Theodore Y. Ts'o  <tytso@mit.edu>
+
+       * ftpd.c (pass): Wait 5 seconds before returning "password
+               incorrect", and only allow three bad passwords.  Then
+               return an 421 reply code before closing the connection and
+               going away.
+
+       * ftpcmd.y (cmd): Don't allow the PORT command to accept a port
+               number lower than 1024; this prevents some nasty ftp
+               "bounce attacks" to SMTP ports, etc.
+
 Tue Oct 20 16:29:46 1998  Dan Winship  <danw@mit.edu>
 
        * ftpd.M: Reality check. Add -a to synopsis, document -c and -u
index f237bb7c07f0bb9890904f1d9cfedadff4553b14..5b75a4600aaf3e9e58e1d46cc112f4b36bae9c56 100644 (file)
@@ -107,6 +107,8 @@ extern gss_ctx_id_t gcontext;
 #endif
 #endif
 
+static struct sockaddr_in host_port;
+
 extern struct sockaddr_in data_dest;
 extern int logged_in;
 extern struct passwd *pw;
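Review bot: The new file-static `host_port` is undocumented and shares its name with the `host_port` grammar rule, which makes the later hunks harder to follow. A one-line comment on the declaration would help, for example `/* PORT argument as parsed; copied into data_dest only after the port check passes */`. That wording matches what the PORT action in this commit does with the variable.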
@@ -217,12 +219,22 @@ cmd:              USER SP username CRLF
                }
        |       PORT SP host_port CRLF
                = {
-                       usedefault = 0;
-                       if (pdata >= 0) {
-                               (void) close(pdata);
-                               pdata = -1;
+                       /*
+                        * Don't allow a port < 1024 if we're not
+                        * connecting back to the original source address
+                        * This prevents nastier forms of the bounce attack.
+                        */
+                       if (ntohs(host_port.sin_port) < 1024)
+                               reply(504, "Port number too low");
+                       else {
+                               data_dest = host_port;
+                               usedefault = 0;
+                               if (pdata >= 0) {
+                                       (void) close(pdata);
+                                       pdata = -1;
+                               }
+                               reply(200, "PORT command successful.");
                        }
-                       reply(200, "PORT command successful.");
                }
        |       PASV check_login CRLF
                = {
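Review bot: The added comment in the PORT action says low ports are refused only "if we're not connecting back to the original source address", but the code never examines `host_port.sin_addr`; the test is `ntohs(host_port.sin_port) < 1024` alone. As written, any address is copied into `data_dest` when the port is 1024 or higher, so a PORT naming a third-party host is still honoured for unprivileged ports. Either reword the comment to match the code, e.g. `/* Refuse PORT targets below 1024 to limit bounce attacks. */`, or also compare the parsed address with the control connection's peer address, which is not visible in this file's hunks. The `if` branch would also read more safely if it were braced like its `else`.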
@@ -674,11 +686,11 @@ host_port:        NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
                = {
                        register char *a, *p;
 
-                       a = (char *)&data_dest.sin_addr;
+                       a = (char *)&host_port.sin_addr;
                        a[0] = $1; a[1] = $3; a[2] = $5; a[3] = $7;
-                       p = (char *)&data_dest.sin_port;
+                       p = (char *)&host_port.sin_port;
                        p[0] = $9; p[1] = $11;
-                       data_dest.sin_family = AF_INET;
+                       host_port.sin_family = AF_INET;
                }
        ;
 
index 44bf8dfe5b50cd17ca5f13c7797528f12e69f363..5b861c6f14e3d1f1265f184c213bc07fbca98aa4 100644 (file)
@@ -910,14 +910,17 @@ pass(passwd)
                    strcmp(xpasswd, pw->pw_passwd))
 #endif /* KRB5_KRB4_COMPAT */
                                                                      {
-                       reply(530, "Login incorrect.");
                        pw = NULL;
-                       if (login_attempts++ >= 5) {
+                       sleep(5);
+                       if (++login_attempts >= 3) {
+                               reply(421,
+                                     "Login incorrect, closing connection.");
                                syslog(LOG_NOTICE,
                                    "repeated login failures from %s",
                                    remotehost);
                                exit(0);
                        }
+                       reply(530, "Login incorrect.");
                        return;
                }
        }
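Review bot: In the failure branch of pass(), the `syslog(LOG_NOTICE, "repeated login failures from %s", remotehost)` call runs only once `++login_attempts >= 3`, so the first two bad passwords on a connection leave no log entry in the lines shown. With the limit at three, guessing spread across many short connections would not appear in syslog at all, unless failures are recorded elsewhere in pass(), whose body starts and ends outside this hunk. Consider logging every failure before the threshold test, for example `syslog(LOG_NOTICE, "login failure from %s", remotehost);`. A short comment noting that `sleep(5)` is deliberate rate limiting and runs before any reply is sent would also help the next reader.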