From 7b90054346fed344659581a225ea8085544d836d Mon Sep 17 00:00:00 2001
From: Erik Ekman
Date: Tue, 5 Aug 2008 14:47:51 +0000
Subject: [PATCH] Reworked fix for #21
---
 src/iodined.c | 31 +++++++++++++++++++------------
 src/user.h | 3 +--
 2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/src/iodined.c b/src/iodined.c
index f1e8538..85fb3d1 100644
--- a/src/iodined.c
+++ b/src/iodined.c
@@ -66,6 +66,15 @@ sigint(int sig)
 running = 0;
 }
+static int
+ip_cmp(int userid, struct query *q)
+{
+ struct sockaddr_in *tempin;
+
+ tempin = (struct sockaddr_in *) &(q->from);
+ return memcmp(&(users[userid].host), &(tempin->sin_addr), sizeof(struct in_addr));
+}
+
 static int
 tunnel_tun(int tun_fd, int dns_fd)
 {
@@ -167,10 +176,14 @@ tunnel_dns(int tun_fd, int dns_fd)
 if (version == VERSION) {
 userid = find_available_user();
 if (userid >= 0) {
+ struct sockaddr_in *tempin;
+
 users[userid].seed = rand();
- memcpy(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen);
+ /* Store remote IP number */
+ tempin = (struct sockaddr_in *) &(dummy.q.from);
+ memcpy(&(users[userid].host), &(tempin->sin_addr), sizeof(struct in_addr));
+
 memcpy(&(users[userid].q), &(dummy.q), sizeof(struct query));
- users[userid].addrlen = dummy.q.fromlen;
 users[userid].encoder = get_base32_encoder();
 send_version_response(dns_fd, VERSION_ACK, users[userid].seed, &users[userid]);
 users[userid].q.id = 0;
@@ -192,8 +205,7 @@ tunnel_dns(int tun_fd, int dns_fd)
 users[userid].last_pkt = time(NULL);
 login_calculate(logindata, 16, password, users[userid].seed);
- if (check_ip && (dummy.q.fromlen != users[userid].addrlen ||
- memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0)) {
+ if (check_ip && ip_cmp(userid, &(dummy.q)) != 0) {
 write_dns(dns_fd, &(dummy.q), "BADIP", 5);
 } else {
 if (read >= 18 && (memcmp(logindata, unpacked+1, 16) == 0)) {
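Review bot: `ip_cmp` in the `@@ -66,6 +66,15 @@` hunk casts `q->from` to `struct sockaddr_in *` and indexes `users[userid]` without checking either, whereas the removed comparisons at least matched `fromlen` against the stored length. If the DNS socket is IPv4-only (not visible here) the cast is safe, but a guard such as `if (q->fromlen < sizeof(struct sockaddr_in)) return 1;` would keep the comparison from reading address bytes the receive call never filled in. The helper also needs a header comment stating that it compares only the IPv4 address and not the source port, that it returns 0 on a match like `memcmp`, and that `userid` must already be range-checked. The callers in the `-192` and `-249` hunks depend on a bounds check that lies outside the visible lines.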
@@ -220,7 +232,7 @@ tunnel_dns(int tun_fd, int dns_fd)
 read = unpack_data(unpacked, sizeof(unpacked), &(in[1]), read - 1, b32);
 /* Ping packet, store userid */
 userid = unpacked[0];
- if (userid < 0 || userid >= USERS) {
+ if (userid < 0 || userid >= USERS || ip_cmp(userid, &(dummy.q)) != 0) {
 write_dns(dns_fd, &(dummy.q), "BADIP", 5);
 return 0; /* illegal id */
 }
@@ -249,8 +261,7 @@ tunnel_dns(int tun_fd, int dns_fd)
 }
 /* Check sending ip number */
- if (check_ip && (dummy.q.fromlen != users[userid].addrlen ||
- memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0)) {
+ if (check_ip && ip_cmp(userid, &(dummy.q)) != 0) {
 write_dns(dns_fd, &(dummy.q), "BADIP", 5);
 } else {
 /* decode with this users encoding */
@@ -259,7 +270,6 @@ tunnel_dns(int tun_fd, int dns_fd)
 users[userid].last_pkt = time(NULL);
 memcpy(&(users[userid].q), &(dummy.q), sizeof(struct query));
- users[userid].addrlen = dummy.q.fromlen;
 memcpy(users[userid].inpacket.data + users[userid].inpacket.offset, unpacked, read);
 users[userid].inpacket.len += read;
 users[userid].inpacket.offset += read;
@@ -288,10 +298,7 @@ tunnel_dns(int tun_fd, int dns_fd)
 }
 }
 /* userid must be set for a reply to be sent */
- if (userid >= 0 && userid < USERS && dummy.q.fromlen == users[userid].addrlen &&
- memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) == 0 &&
- users[userid].outpacket.len > 0) {
-
+ if (userid >= 0 && userid < USERS && ip_cmp(userid, &(dummy.q)) == 0 && users[userid].outpacket.len > 0) {
 write_dns(dns_fd, &(dummy.q), users[userid].outpacket.data, users[userid].outpacket.len);
 users[userid].outpacket.len = 0;
 users[userid].q.id = 0;
diff --git a/src/user.h b/src/user.h
index 2d0d2ad..b333bcb 100644
--- a/src/user.h
+++ b/src/user.h
@@ -25,8 +25,7 @@ struct user {
 time_t last_pkt;
 int seed;
 in_addr_t tun_ip;
- struct sockaddr host;
- int addrlen;
+ struct in_addr host;
 struct query q;
 struct packet inpacket;
 struct packet outpacket;
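Review bot: In the `@@ -220,7 +232,7 @@` hunk the new `ip_cmp` test on ping packets is not gated by `check_ip`, unlike the login and data checks in the `-192` and `-249` hunks. A server run with IP checking turned off would therefore still answer BADIP to a ping whose source address differs from the one recorded at the version handshake. If that is not intended, the condition should read `if (userid < 0 || userid >= USERS || (check_ip && ip_cmp(userid, &(dummy.q)) != 0)) {`. The reply condition in the `-288` hunk also compares the address unconditionally; the removed lines did the same, so that predates this commit, but the two sites are worth deciding together. `tunnel_dns` starts and ends outside these hunks.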