authorTheodore Tso <tytso@mit.edu>1998-10-24 00:25:41 +0000
committerTheodore Tso <tytso@mit.edu>1998-10-24 00:25:41 +0000
commit8446e8ed8eaf83ecbbeb319333c8a88d34adb99a (patch)
tree307bed7efe9db0e8848f02c9d0e1b689016dc386
parent5c19db3233ead047761b251c26daa571e0b9d74e (diff)
ftpd.c (pass): Wait 5 seconds before returning "password
incorrect", and only allow three bad passwords. Then return an 421 reply code before closing the connection and going away. ftpcmd.y (cmd): Don't allow the PORT command to accept a port number lower than 1024; this prevents some nasty ftp "bounce attacks" to SMTP ports, etc. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10990 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/appl/gssftp/ftpd/ChangeLog11
-rw-r--r--src/appl/gssftp/ftpd/ftpcmd.y28
-rw-r--r--src/appl/gssftp/ftpd/ftpd.c7
3 files changed, 36 insertions, 10 deletions
diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog
index 400d4834d..92e0e9b5a 100644
--- a/src/appl/gssftp/ftpd/ChangeLog
+++ b/src/appl/gssftp/ftpd/ChangeLog
@@ -1,3 +1,14 @@
+Fri Oct 23 18:18:52 1998 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * ftpd.c (pass): Wait 5 seconds before returning "password
+ incorrect", and only allow three bad passwords. Then
+ return an 421 reply code before closing the connection and
+ going away.
+
+ * ftpcmd.y (cmd): Don't allow the PORT command to accept a port
+ number lower than 1024; this prevents some nasty ftp
+ "bounce attacks" to SMTP ports, etc.
+
Tue Oct 20 16:29:46 1998 Dan Winship <danw@mit.edu>
* ftpd.M: Reality check. Add -a to synopsis, document -c and -u
diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y
index f237bb7c0..5b75a4600 100644
--- a/src/appl/gssftp/ftpd/ftpcmd.y
+++ b/src/appl/gssftp/ftpd/ftpcmd.y
@@ -107,6 +107,8 @@ extern gss_ctx_id_t gcontext;
#endif
#endif
+static struct sockaddr_in host_port;
+
extern struct sockaddr_in data_dest;
extern int logged_in;
extern struct passwd *pw;
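Review bot: The new file-scope `host_port` has no comment and shares its name with the `host_port` grammar nonterminal, which makes the later `PORT SP host_port CRLF` action harder to read. A one-line comment above the declaration would state its role, for example `/* Address from the most recent PORT command; copied to data_dest only after it passes validation. */`. Because the variable is static it starts zeroed, so the later struct copy into `data_dest` carries no stale padding, and the comment could say so too.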
@@ -217,12 +219,22 @@ cmd: USER SP username CRLF
}
| PORT SP host_port CRLF
= {
- usedefault = 0;
- if (pdata >= 0) {
- (void) close(pdata);
- pdata = -1;
+ /*
+ * Don't allow a port < 1024 if we're not
+ * connecting back to the original source address
+ * This prevents nastier forms of the bounce attack.
+ */
+ if (ntohs(host_port.sin_port) < 1024)
+ reply(504, "Port number too low");
+ else {
+ data_dest = host_port;
+ usedefault = 0;
+ if (pdata >= 0) {
+ (void) close(pdata);
+ pdata = -1;
+ }
+ reply(200, "PORT command successful.");
}
- reply(200, "PORT command successful.");
}
| PASV check_login CRLF
= {
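Review bot: The added test `if (ntohs(host_port.sin_port) < 1024)` never examines `host_port.sin_addr`, although the comment above it says low ports are refused only "if we're not connecting back to the original source address". The client-supplied address is therefore copied into `data_dest` unchecked, and a PORT naming a third-party host with a port of 1024 or above is still accepted, which leaves data connections redirectable to high-numbered services elsewhere. Consider also refusing when the address differs from the control connection's peer, along the lines of `if (ntohs(host_port.sin_port) < 1024 || host_port.sin_addr.s_addr != PEER_ADDR.sin_addr.s_addr)`, where `PEER_ADDR` is a placeholder for whatever ftpd keeps for the control peer (not visible in this hunk). The comment should be reworded to match whichever rule is enforced. The `cmd` rule starts before this hunk and continues past it.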
@@ -674,11 +686,11 @@ host_port: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
= {
register char *a, *p;
- a = (char *)&data_dest.sin_addr;
+ a = (char *)&host_port.sin_addr;
a[0] = $1; a[1] = $3; a[2] = $5; a[3] = $7;
- p = (char *)&data_dest.sin_port;
+ p = (char *)&host_port.sin_port;
p[0] = $9; p[1] = $11;
- data_dest.sin_family = AF_INET;
+ host_port.sin_family = AF_INET;
}
;
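Review bot: The `host_port` action stores `$1` through `$11` into single bytes with no range check in view, so a component above 255 would be silently truncated rather than rejected; whether the lexer already bounds NUMBER cannot be seen from this hunk. The `< 1024` test in the PORT action does see the truncated value, so this is not a bypass of that check. Still, it means the address and port acted on can differ from what the client literally sent and from what ends up in logs. Validating each component as 0–255 here and answering with a syntax-error reply otherwise would make the parsed value unambiguous. The rule header is on the hunk's `@@` line, so only its body is visible.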
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index 44bf8dfe5..5b861c6f1 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -910,14 +910,17 @@ pass(passwd)
strcmp(xpasswd, pw->pw_passwd))
#endif /* KRB5_KRB4_COMPAT */
{
- reply(530, "Login incorrect.");
pw = NULL;
- if (login_attempts++ >= 5) {
+ sleep(5);
+ if (++login_attempts >= 3) {
+ reply(421,
+ "Login incorrect, closing connection.");
syslog(LOG_NOTICE,
"repeated login failures from %s",
remotehost);
exit(0);
}
+ reply(530, "Login incorrect.");
return;
}
}
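Review bot: Only the third failure reaches `syslog`, and `login_attempts` looks like a per-process counter (its declaration is outside the hunk), so the three-strike limit applies per connection. A client that disconnects after two bad passwords and reconnects gets a fresh count and leaves no log entry, which hides slow guessing from whoever reads the logs. Logging every failure before the delay, for example `syslog(LOG_NOTICE, "login failure from %s", remotehost);` placed ahead of `sleep(5);`, would make such attempts visible and give rate-limiting tools outside ftpd something to act on. It is also worth confirming that `login_attempts` is handled as intended after a successful login or a new USER command, since that code is not shown. `pass()` begins before this hunk and continues after it.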