X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fauth.c;h=9a04ecf53793edc646520e59b8038dae0aa43164;hp=ea6bf7b10d4b8dad4d27f28de832c788c51e941c;hb=641e6003d6cb48bf970a590914d30ded6bc0952f;hpb=2d521b28a3060834254b8edca0cda6904f974744 diff --git a/pppd/auth.c b/pppd/auth.c index ea6bf7b..9a04ecf 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: auth.c,v 1.3 1994/04/18 03:59:28 paulus Exp $"; +static char rcsid[] = "$Id: auth.c,v 1.5 1994/05/24 11:20:26 paulus Exp $"; #endif #include @@ -280,6 +280,7 @@ auth_withpeer_success(unit, protocol) default: syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", protocol); + bit = 0; } /* @@ -643,6 +644,7 @@ get_secret(unit, client, server, secret, secret_len, save_addrs) char *server; char *secret; int *secret_len; + int save_addrs; { FILE *f; int ret, len; @@ -696,6 +698,10 @@ auth_ip_addr(unit, addr) struct hostent *hp; struct wordlist *addrs; + /* don't allow loopback or multicast address */ + if (bad_ip_adrs(addr)) + return 0; + if ((addrs = addresses[unit]) == NULL) return 1; /* no restriction */ @@ -717,6 +723,20 @@ auth_ip_addr(unit, addr) return 0; /* not in list => can't have it */ } +/* + * bad_ip_adrs - return 1 if the IP address is one we don't want + * to use, such as an address in the loopback net or a multicast address. + * addr is in network byte order. + */ +int +bad_ip_adrs(addr) + u_long addr; +{ + addr = ntohl(addr); + return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET + || IN_MULTICAST(addr) || IN_BADCLASS(addr); +} + /* * check_access - complain if a secret file has too-liberal permissions. */ @@ -843,7 +863,7 @@ scan_authfile(f, client, server, secret, addrs, filename) */ if (addr_list) free_wordlist(addr_list); - addr_list = NULL; + addr_list = addr_last = NULL; for (;;) { if (!getword(f, word, &newline, filename) || newline) break;