Fix for a DoS attack:

A remote user could telnet to the tinc daemon and type only this line:

    61 6 00000000/00000000:28f

This would prevent any packets from being sent to other tinc networks (except to the hosts that run tincd themselves). The solution is to skip hosts in lookup_conn() that have not been activated yet.

Fixed potential conn_list table corruption: if a new connection is accepted but a connection with the same subnet already exists in the connection list, the OLD connection is terminated.
This commit is contained in:
parent 4d71de15e8
commit e4ff969a98
3 changed files with 17 additions and 9 deletions
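To make the lookup behaviour behind the commit message concrete, the following is an added example, not tinc's own code: it reimplements lookup_conn() as it read before and after this change, on a constructed two-entry conn_list holding one authenticated peer and one unauthenticated connection that sent the 00000000/00000000 subnet line. The struct layout, the IP4 helper, add_conn(), route_for(), the address values, and the assumption that a newly accepted connection is pushed at the head of the list are all mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t ip_t;

/* Build a host-order IPv4 address from four octets (helper, not tinc's). */
#define IP4(a, b, c, d) \
    (((ip_t)(a) << 24) | ((ip_t)(b) << 16) | ((ip_t)(c) << 8) | (ip_t)(d))

/* Assumed stand-in for tinc's conn_list_t: only the fields lookup_conn()
   reads plus the 'active' flag the fix relies on. */
typedef struct conn_list_t {
    ip_t vpn_ip;               /* the peer's own VPN address */
    ip_t vpn_mask;             /* netmask of the subnet it claims to serve */
    int active;                /* 1 once the peer has authenticated, else 0 */
    struct conn_list_t *next;
} conn_list_t;

static conn_list_t *conn_list = NULL;

/* Assumed: a freshly accepted connection is pushed at the head of the list,
   so the newest (possibly still unauthenticated) peer is examined first. */
static conn_list_t *add_conn(ip_t ip, ip_t mask, int active)
{
    conn_list_t *p = calloc(1, sizeof *p);
    if (!p)
        abort();
    p->vpn_ip = ip;
    p->vpn_mask = mask;
    p->active = active;
    p->next = conn_list;
    conn_list = p;
    return p;
}

static void free_conns(void)
{
    while (conn_list) {
        conn_list_t *p = conn_list;
        conn_list = p->next;
        free(p);
    }
}

/* Pre-fix lookup: exact match first, then the first subnet match,
   regardless of whether that peer has authenticated. */
conn_list_t *lookup_conn_before(ip_t ip)
{
    conn_list_t *p;
    for (p = conn_list; p != NULL; p = p->next)
        if (ip == p->vpn_ip)
            return p;
    for (p = conn_list; p != NULL; p = p->next)
        if ((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask))
            return p;
    return NULL;
}

/* Post-fix lookup: same search order, but an entry that has not been
   activated can never be returned. */
conn_list_t *lookup_conn_after(ip_t ip)
{
    conn_list_t *p;
    for (p = conn_list; p != NULL; p = p->next)
        if (ip == p->vpn_ip && p->active)
            return p;
    for (p = conn_list; p != NULL; p = p->next)
        if ((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask) && p->active)
            return p;
    return NULL;
}

enum { NO_ROUTE = 0, LEGIT_PEER = 1, ROGUE_PEER = 2 };

/* Constructed scenario: one authenticated peer serving 10.0.1.0/24 (its own
   VPN address 10.0.1.1), then an unauthenticated connection that sent the
   0.0.0.0/0 subnet line.  Returns which entry 'lookup' picks for 'dst'. */
int route_for(conn_list_t *(*lookup)(ip_t), ip_t dst)
{
    conn_list_t *legit, *rogue, *hit;
    int verdict;

    legit = add_conn(IP4(10, 0, 1, 1), IP4(255, 255, 255, 0), 1);
    rogue = add_conn(0, 0, 0);          /* 00000000/00000000, never activated */

    hit = lookup(dst);
    verdict = hit == legit ? LEGIT_PEER : hit == rogue ? ROGUE_PEER : NO_ROUTE;

    free_conns();
    return verdict;
}

int main(void)
{
    ip_t dst = IP4(10, 0, 1, 5);        /* a host behind the peer, not the peer */
    printf("before fix: %d (2 = rogue 0/0 entry wins)\n",
           route_for(lookup_conn_before, dst));
    printf("after fix:  %d (1 = authenticated peer)\n",
           route_for(lookup_conn_after, dst));
    return 0;
}
```

The exact-match loop runs first, which is why the commit message exempts "the hosts that run tincd themselves": a packet addressed to the peer's own vpn_ip still resolves correctly even before the fix. Everything else falls into the subnet loop, where the 0/0 entry at the head of the list matches every address, so all traffic to other hosts is routed to a connection that has never authenticated.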
@ -37,7 +37,8 @@
|
|||
|
||||
/*
|
||||
look for a connection associated with the given vpn ip,
|
||||
return its connection structure
|
||||
return its connection structure.
|
||||
Skips connections that are not activated!
|
||||
*/
|
||||
conn_list_t *lookup_conn(ip_t ip)
|
||||
{
|
||||
|
|
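Review bot: the new comment says inactive connections are skipped but not what the caller gets when only inactive entries match, which is NULL after both loops fall through; since the commit message also relies on noticing an existing connection with the same subnet when a new one is accepted, a caller that uses lookup_conn() for that check will never see the not-yet-activated entry. Suggest stating it explicitly, e.g. "Returns NULL if no active connection matches; do not use this to detect duplicate subnets among pending connections."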
@ -45,10 +46,10 @@ conn_list_t *lookup_conn(ip_t ip)
|
|||
cp
|
||||
/* Exact match suggested by James B. MacLean */
|
||||
for(p = conn_list; p != NULL; p = p->next)
|
||||
if(ip == p->vpn_ip)
|
||||
if((ip == p->vpn_ip) && p->active)
|
||||
return p;
|
||||
for(p = conn_list; p != NULL; p = p->next)
|
||||
if((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask))
|
||||
if(((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask)) && p->active)
|
||||
return p;
|
||||
cp
|
||||
return NULL;
|
||||
|
|
|
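Review bot: the added `&& p->active` test hides an unauthenticated 0/0 entry from lookups but does not stop it from being placed in conn_list in the first place, so a remote user can still register arbitrary subnets before authenticating, and both loops walk those entries on every lookup; the cleaner fix is to refuse subnet registration from a connection that is not yet active, keeping this filter as defence in depth. Minor: both loops now repeat the same condition, and `if(!p->active) continue;` at the top of each loop body would keep the match expressions readable.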