Disable kpasswdd error replies to completely malformed requests
commit 97648fc257a17d71fe256990efe703afb7b4e48b
author Russ Allbery <rra@stanford.edu>
Wed, 10 Feb 2010 19:11:42 +0000 (10 11:11 -0800)
committer Love Hornquist Astrand <lha@h5l.org>
Tue, 16 Mar 2010 18:50:22 +0000 (16 11:50 -0700)
tree cdd60e077169c9f7d6ca366ec16a5f1944fd66f8
parent 5230b2f8f532cd82c516f1a9c2cbcb8795fb580d
Disable kpasswdd error replies to completely malformed requests

Only send an error reply if the request passes basic verification.
Otherwise, kpasswdd would reply to every UDP packet, allowing an
attacker to set up a ping-pong DoS attack via a spoofed UDP packet with
a source address of another UDP service that also replies to every
packet.

Also suppress the error reply if ap_req_len is 0, since this indicates
an error packet.  An error packet may be the result of a ping-pong
attacker pointing us at another kpasswdd.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
kpasswd/kpasswdd.c
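
The reply-suppression rule described in the commit message above, sketched as an added example; it is not Heimdal's kpasswdd.c code and not part of this commit. It assumes the RFC 3244 header layout (message length, version, AP-REQ length, each 2 bytes big-endian); the function name, the enum and the exact set of checks treated as "basic verification" are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not Heimdal code. Assumed layout (RFC 3244):
 * msg_len(2) | version(2) | ap_req_len(2) | AP-REQ | KRB-PRIV, big-endian.
 * When ap_req_len is 0 the body is a KRB-ERROR, i.e. an error packet. */
enum reply_policy { DROP_SILENTLY = 0, MAY_REPLY = 1 };

#define KPASSWD_HDR_LEN 6
#define VERS_CHANGEPW 0x0001u /* original change-password protocol */
#define VERS_SETPW    0xff80u /* RFC 3244 set/change password */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decide whether a UDP datagram earns any reply at all, error replies
 * included. Anything failing these checks is dropped without an answer,
 * so a spoofed source address cannot be used to bounce packets. */
enum reply_policy kpasswd_reply_policy(const uint8_t *pkt, size_t len)
{
    if (len < KPASSWD_HDR_LEN)
        return DROP_SILENTLY;            /* too short to carry a header */
    uint16_t msg_len = be16(pkt);
    uint16_t version = be16(pkt + 2);
    uint16_t ap_req_len = be16(pkt + 4);
    if (msg_len != len)
        return DROP_SILENTLY;            /* length field disagrees with datagram */
    if (version != VERS_CHANGEPW && version != VERS_SETPW)
        return DROP_SILENTLY;            /* not a kpasswd request */
    if (ap_req_len == 0)
        return DROP_SILENTLY;            /* error packet: never answer an error */
    if ((size_t)ap_req_len > len - KPASSWD_HDR_LEN)
        return DROP_SILENTLY;            /* AP-REQ would overrun the datagram */
    return MAY_REPLY;                    /* later failures may get an error reply */
}

/* Constructed samples, not captured traffic. */
static const uint8_t junk[] = { 'p', 'i', 'n', 'g' };
static const uint8_t err_pkt[] = { 0x00, 0x08, 0x00, 0x01, 0x00, 0x00, 0x7e, 0x00 };
static const uint8_t overrun[] = { 0x00, 0x08, 0xff, 0x80, 0x00, 0x09, 0x6e, 0x00 };
static const uint8_t request[] = { 0x00, 0x0a, 0xff, 0x80, 0x00, 0x02, 0x6e, 0x00, 0x75, 0x00 };

int main(void)
{
    printf("junk=%d err=%d overrun=%d request=%d\n",
           kpasswd_reply_policy(junk, sizeof junk),
           kpasswd_reply_policy(err_pkt, sizeof err_pkt),
           kpasswd_reply_policy(overrun, sizeof overrun),
           kpasswd_reply_policy(request, sizeof request));
    return 0;
}
```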