Fix for a DoS attack:

[tinc] / src / netutl.c

diff --git a/src/netutl.c b/src/netutl.c
index df6401f..5b4badf 100644 (file)
--- a/src/netutl.c
+++ b/src/netutl.c
@@ -1,6 +1,6 @@
 /*
     netutl.c -- some supporting network utility code
-    Copyright (C) 1998,99 Ivo Timmermans <zarq@iname.com>
+    Copyright (C) 1998,1999,2000 Ivo Timmermans <zarq@iname.com>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -37,18 +37,19 @@
 
 /*
   look for a connection associated with the given vpn ip,
-  return its connection structure
+  return its connection structure.
+  Skips connections that are not activated!
 */
 conn_list_t *lookup_conn(ip_t ip)
 {
   conn_list_t *p = conn_list;
-
+cp
   /* Exact match suggested by James B. MacLean */
   for(p = conn_list; p != NULL; p = p->next)
-    if(ip  == p->vpn_ip)
+    if((ip  == p->vpn_ip) && p->active)
       return p;
   for(p = conn_list; p != NULL; p = p->next)
-    if((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask))
+    if(((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask)) && p->active)
       return p;
 cp
   return NULL;