From 6b2bdf2c083d4f69ce5c25fb386e926ace4c6d19 Mon Sep 17 00:00:00 2001 From: John Polstra Date: Wed, 17 Nov 1999 01:54:17 +0000 Subject: [PATCH] Fix a bug in the hack that protects against FTP bounce attacks. It used to loop back up to the accept() call and block there, shutting out all other transports until a new connection came in. Now it returns instead after dropping the connection. That will take it back to the select() loop where all transports can be serviced. I intend to MFC this within a day or two since it fixes a DoS vulnerability. --- lib/libc/rpc/svc_tcp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/libc/rpc/svc_tcp.c b/lib/libc/rpc/svc_tcp.c index a87b361e87a5..b0aafbfe745b 100644 --- a/lib/libc/rpc/svc_tcp.c +++ b/lib/libc/rpc/svc_tcp.c @@ -244,12 +244,11 @@ rendezvous_request(xprt) return (FALSE); } /* - * XXX careful for ftp bounce attacks. If discovered, close the - * socket and look for another connection. + * Guard against FTP bounce attacks. */ if (addr.sin_port == htons(20)) { close(sock); - goto again; + return (FALSE); } /* * make a new transporter (re-uses xprt)