
Fix a bug which could make routed(8) daemon exit by sending a special RIP

query from a remote machine, and disable accepting such queries by default.  The
query asks the routed(8) daemon to dump its routing information base for debugging
purposes.  An -i flag to enable it has been added.
This commit is contained in:
Hiroki Sato 2014-09-21 04:00:28 +00:00
parent 89c58b73e0
commit b9f70ced25
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=271919
5 changed files with 35 additions and 7 deletions


@ -462,6 +462,7 @@ extern int ridhosts; /* 1=reduce host routes */
extern int mhome; /* 1=want multi-homed host route */ extern int mhome; /* 1=want multi-homed host route */
extern int advertise_mhome; /* 1=must continue advertising it */ extern int advertise_mhome; /* 1=must continue advertising it */
extern int auth_ok; /* 1=ignore auth if we do not care */ extern int auth_ok; /* 1=ignore auth if we do not care */
extern int insecure; /* Reply to special queries or not */
extern struct timeval clk; /* system clock's idea of time */ extern struct timeval clk; /* system clock's idea of time */
extern struct timeval epoch; /* system clock when started */ extern struct timeval epoch; /* system clock when started */
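Review bot: The comment on the new `extern int insecure;` line says "Reply to special queries or not", which reads as a boolean, while input.c compares it against 0 and 1 as a level (neighbors only vs. any host). A reader of defs.h alone cannot see that, so spell the levels out here: `extern int insecure; /* 0=deny, 1=answer queries from neighbors, 2=also from distant hosts */`. The same wording fits the definition in main.c.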


@ -289,8 +289,19 @@ input(struct sockaddr_in *from, /* received from this IP address */
* with all we know. * with all we know.
*/ */
if (from->sin_port != htons(RIP_PORT)) { if (from->sin_port != htons(RIP_PORT)) {
/*
* insecure: query from non-router node
* > 1: allow from distant node
* > 0: allow from neighbor node
* == 0: deny
*/
if ((aifp != NULL && insecure > 0) ||
(aifp == NULL && insecure > 1))
supply(from, aifp, OUT_QUERY, 0, supply(from, aifp, OUT_QUERY, 0,
rip->rip_vers, ap != 0); rip->rip_vers, ap != 0);
else
trace_pkt("Warning: "
"possible attack detected");
return; return;
} }
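Review bot: The denied path on the new `trace_pkt("Warning: possible attack detected")` line records neither the source address nor the port, so an operator reading the trace cannot tell which host sent the non-router-port query or distinguish a misconfigured rtquery(8) from a reflection probe. If trace_pkt() takes a format and arguments like the other trace calls in this file (not visible in the hunk), consider `trace_pkt("Warning: possible attack detected from %s", ...)` using whatever address formatter input() already uses for its other messages. The comment block above the check documents the `insecure` levels but not what `aifp` stands for; `aifp != NULL` presumably means the sender is reachable through a directly attached interface, which is the whole basis of the neighbor/distant distinction and is worth one line in that comment. input() begins before this hunk and continues after it.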


@ -68,6 +68,7 @@ int ridhosts; /* 1=reduce host routes */
int mhome; /* 1=want multi-homed host route */ int mhome; /* 1=want multi-homed host route */
int advertise_mhome; /* 1=must continue advertising it */ int advertise_mhome; /* 1=must continue advertising it */
int auth_ok = 1; /* 1=ignore auth if we do not care */ int auth_ok = 1; /* 1=ignore auth if we do not care */
int insecure; /* Reply to special queries or not */
struct timeval epoch; /* when started */ struct timeval epoch; /* when started */
struct timeval clk; struct timeval clk;
@ -136,8 +137,11 @@ main(int argc,
(void)gethostname(myname, sizeof(myname)-1); (void)gethostname(myname, sizeof(myname)-1);
(void)gethost(myname, &myaddr); (void)gethost(myname, &myaddr);
while ((n = getopt(argc, argv, "sqdghmAtvT:F:P:")) != -1) { while ((n = getopt(argc, argv, "isqdghmAtvT:F:P:")) != -1) {
switch (n) { switch (n) {
case 'i':
insecure++;
break;
case 's': case 's':
supplier = 1; supplier = 1;
supplier_set = 1; supplier_set = 1;
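Review bot: The new `case 'i': insecure++;` carries no comment, so nothing in main() tells a reader that the count of -i flags is a privilege level rather than a simple toggle, or that a third -i is equivalent to the second; a one-liner such as `case 'i': /* each -i widens who may query: 1=neighbors, 2=any host */` would fix that. The getopt string now accepts `i`, but the usage() text that prints the option summary is outside this hunk and is not shown being updated; please confirm it lists -i alongside the man page SYNOPSIS change. main() continues past the end of this hunk.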


@ -673,8 +673,6 @@ supply(struct sockaddr_in *dst,
struct rt_entry *rt; struct rt_entry *rt;
int def_metric; int def_metric;
assert(ifp != NULL);
ws.state = 0; ws.state = 0;
ws.gen_limit = 1024; ws.gen_limit = 1024;
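Review bot: Removing `assert(ifp != NULL);` is the only change shown to supply(), yet input.c now calls it with `aifp == NULL` whenever `insecure > 1` and the query comes from a host on no attached network, so every use of ifp in the rest of supply()'s body (outside this hunk) must already tolerate NULL; the hunk adds no guard. If any of those uses dereferences ifp unconditionally, the assert-triggered exit is merely replaced by a NULL dereference that is still reachable from the network once -ii is given. Please verify the body, and in any case document the new contract at the top of the function: `/* ifp may be NULL: a query answered under -ii may come from a host on no attached network (see input.c) */`. supply()'s body continues outside the hunk.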


@ -30,7 +30,7 @@
.\" @(#)routed.8 8.2 (Berkeley) 12/11/93 .\" @(#)routed.8 8.2 (Berkeley) 12/11/93
.\" $FreeBSD$ .\" $FreeBSD$
.\" .\"
.Dd June 1, 1996 .Dd August 26, 2014
.Dt ROUTED 8 .Dt ROUTED 8
.Os .Os
.Sh NAME .Sh NAME
@ -39,7 +39,7 @@
.Nd network RIP and router discovery routing daemon .Nd network RIP and router discovery routing daemon
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm .Nm
.Op Fl sqdghmpAtv .Op Fl isqdghmpAtv
.Op Fl T Ar tracefile .Op Fl T Ar tracefile
.Oo .Oo
.Fl F .Fl F
@ -250,6 +250,20 @@ to infer the netmask used by the remote system when RIPv1 is used.
.Pp .Pp
The following options are available: The following options are available:
.Bl -tag -width indent .Bl -tag -width indent
.It Fl i
allow
.Nm
to accept a RIP request from non-router node.
When specified once,
.Nm
replies to a route information query from neighbor nodes.
When specified twice,
it replies to a query from remote nodes in addition.
.Xr rtquery 8
utility can be used to send a request.
.Pp
This feature is disabled by default because of a risk of reflection attack
though it useful for debugging purpose,
.It Fl s .It Fl s
force force
.Nm .Nm