From: Theodore Tso
Date: Sat, 24 Oct 1998 00:25:41 +0000 (+0000)
Subject: ftpd.c (pass): Wait 5 seconds before returning "password
X-Git-Tag: krb5-1.1-beta1~518
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8446e8ed8eaf83ecbbeb319333c8a88d34adb99a;p=krb5.git

ftpd.c (pass): Wait 5 seconds before returning "password incorrect", and only allow three bad passwords. Then return an 421 reply code before closing the connection and going away.

ftpcmd.y (cmd): Don't allow the PORT command to accept a port number lower than 1024; this prevents some nasty ftp "bounce attacks" to SMTP ports, etc.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10990 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog
index 400d4834d..92e0e9b5a 100644
--- a/src/appl/gssftp/ftpd/ChangeLog
+++ b/src/appl/gssftp/ftpd/ChangeLog
@@ -1,3 +1,14 @@
+Fri Oct 23 18:18:52 1998 Theodore Y. Ts'o
+
+ * ftpd.c (pass): Wait 5 seconds before returning "password
+ incorrect", and only allow three bad passwords. Then
+ return an 421 reply code before closing the connection and
+ going away.
+
+ * ftpcmd.y (cmd): Don't allow the PORT command to accept a port
+ number lower than 1024; this prevents some nasty ftp
+ "bounce attacks" to SMTP ports, etc.
+
 Tue Oct 20 16:29:46 1998 Dan Winship
 * ftpd.M: Reality check. Add -a to synopsis, document -c and -u
diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y
index f237bb7c0..5b75a4600 100644
--- a/src/appl/gssftp/ftpd/ftpcmd.y
+++ b/src/appl/gssftp/ftpd/ftpcmd.y
@@ -107,6 +107,8 @@ extern gss_ctx_id_t gcontext;
 #endif
 #endif
+static struct sockaddr_in host_port;
+
 extern struct sockaddr_in data_dest;
 extern int logged_in;
 extern struct passwd *pw;
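Review bot: The new file-scope `host_port` in ftpcmd.y has no comment, and it shares its name with the `host_port` grammar rule that fills it, which makes the PORT action harder to follow. A one-line comment on the declaration would help, for example `/* Address and port parsed from the last PORT argument; copied to data_dest only after the port check passes. */`. Being static, it keeps the previous PORT's value between commands; that looks harmless in the visible hunks because the rule rewrites `sin_addr`, `sin_port` and `sin_family` before the action reads them.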
@@ -217,12 +219,22 @@ cmd: USER SP username CRLF
 }
 | PORT SP host_port CRLF
 = {
- usedefault = 0;
- if (pdata >= 0) {
- (void) close(pdata);
- pdata = -1;
+ /*
+ * Don't allow a port < 1024 if we're not
+ * connecting back to the original source address
+ * This prevents nastier forms of the bounce attack.
+ */
+ if (ntohs(host_port.sin_port) < 1024)
+ reply(504, "Port number too low");
+ else {
+ data_dest = host_port;
+ usedefault = 0;
+ if (pdata >= 0) {
+ (void) close(pdata);
+ pdata = -1;
+ }
+ reply(200, "PORT command successful.");
 }
- reply(200, "PORT command successful.");
 }
 | PASV check_login CRLF
 = {
@@ -674,11 +686,11 @@ host_port: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
 = {
 register char *a, *p;
- a = (char *)&data_dest.sin_addr;
+ a = (char *)&host_port.sin_addr;
 a[0] = $1; a[1] = $3; a[2] = $5; a[3] = $7;
- p = (char *)&data_dest.sin_port;
+ p = (char *)&host_port.sin_port;
 p[0] = $9; p[1] = $11;
- data_dest.sin_family = AF_INET;
+ host_port.sin_family = AF_INET;
 }
 ;
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index 44bf8dfe5..5b861c6f1 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -910,14 +910,17 @@ pass(passwd)
 strcmp(xpasswd, pw->pw_passwd))
 #endif /* KRB5_KRB4_COMPAT */
 {
- reply(530, "Login incorrect.");
 pw = NULL;
- if (login_attempts++ >= 5) {
+ sleep(5);
+ if (++login_attempts >= 3) {
+ reply(421,
+ "Login incorrect, closing connection.");
 syslog(LOG_NOTICE,
 "repeated login failures from %s",
 remotehost);
 exit(0);
 }
+ reply(530, "Login incorrect.");
 return;
 }
 }
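Review bot: In the `PORT SP host_port CRLF` action of ftpcmd.y, the added comment says low ports are refused only "if we're not connecting back to the original source address", but the code refuses every port below 1024 and never looks at `host_port.sin_addr`. A PORT that names a different host on a port of 1024 or above is therefore still copied into `data_dest`, so the bounce protection covers privileged ports only. Either compare `host_port.sin_addr` with the control connection's peer address in the same test, or reword the comment to match the code, e.g. `/* Refuse PORT to any privileged port (< 1024), regardless of address. */`. A `syslog` call on the 504 path would also give operators a record of refused PORT requests.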
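Review bot: In the `host_port` rule hunk of ftpcmd.y, each NUMBER is stored straight into a single `char` of `host_port` (`a[0] = $1; ...`, `p[0] = $9; p[1] = $11;`) with no 0–255 range check visible, so an out-of-range value would be silently narrowed before the new `< 1024` test reads `sin_port`. The narrowing predates this commit, but the port check now depends on these bytes, so consider rejecting values outside 0..255 before the assignments, or at least record the gap with `/* NUMBER values are not range-checked; each is narrowed to one byte. */`. The type of `$n` is declared outside the hunk, so confirm it is wider than `char`.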
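Review bot: In the ftpd.c `pass()` hunk, a bad password is written to syslog only on the third failure, so the first two failures on a connection leave no record and attempts spread over several connections would not appear in the log from this path. Logging every failure before the `++login_attempts >= 3` test would close that gap, e.g. `syslog(LOG_NOTICE, "login failure from %s", remotehost);`. `login_attempts` is declared outside the hunk; if it is per-connection state, the `sleep(5)` is the only throttle that carries across reconnects. The literals 5 and 3 would read better as named constants, and `pass()` itself starts and ends outside the hunk.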