Fix for a DoS attack:

[tinc] / src / netutl.c

diff --git a/src/netutl.c b/src/netutl.c
index 9e60dbb..5b4badf 100644 (file)
--- a/src/netutl.c
+++ b/src/netutl.c
@@ -1,6 +1,6 @@
 /*
     netutl.c -- some supporting network utility code
-    Copyright (C) 1998,99 Ivo Timmermans <zarq@iname.com>
+    Copyright (C) 1998,1999,2000 Ivo Timmermans <zarq@iname.com>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -37,7 +37,8 @@
 
 /*
   look for a connection associated with the given vpn ip,
-  return its connection structure
+  return its connection structure.
+  Skips connections that are not activated!
 */
 conn_list_t *lookup_conn(ip_t ip)
 {
@@ -45,10 +46,10 @@ conn_list_t *lookup_conn(ip_t ip)
 cp
   /* Exact match suggested by James B. MacLean */
   for(p = conn_list; p != NULL; p = p->next)
-    if(ip  == p->vpn_ip)
+    if((ip  == p->vpn_ip) && p->active)
       return p;
   for(p = conn_list; p != NULL; p = p->next)
-    if((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask))
+    if(((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask)) && p->active)
       return p;
 cp
   return NULL;
@@ -81,8 +82,6 @@ void free_conn_element(conn_list_t *p)
 cp
   if(p->hostname)
     free(p->hostname);
-  if(p->pp)
-    free(p->pp);
   if(p->sq)
     destroy_queue(p->sq);
   if(p->rq)
@@ -130,6 +129,9 @@ conn_list_t *new_conn_list(void)
 cp
   /* initialise all those stupid pointers at once */
   memset(p, '\0', sizeof(*p));
+  p->vpn_mask = (ip_t)(~0L); /* If this isn't done, it would be a
+                                wastebucket for all packets with
+                                unknown destination. */
   p->nexthop = p;
 cp
   return p;