From owner-cvs-sys Tue Oct 28 00:38:28 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id AAA07676 for cvs-sys-outgoing; Tue, 28 Oct 1997 00:38:28 -0800 (PST) (envelope-from owner-cvs-sys) Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id AAA07664; Tue, 28 Oct 1997 00:38:19 -0800 (PST) (envelope-from bde@zeta.org.au) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.6.9) id TAA17899; Tue, 28 Oct 1997 19:37:02 +1100 Date: Tue, 28 Oct 1997 19:37:02 +1100 From: Bruce Evans Message-Id: <199710280837.TAA17899@godzilla.zeta.org.au> To: fenner@parc.xerox.com, guido@gvr.org Subject: Re: cvs commit: src/sys/netinet ip_input.c Cc: cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, cvs-sys@FreeBSD.ORG, guido@FreeBSD.ORG Sender: owner-cvs-sys@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >> However, there is a problem with the actual change: the "goto" bypasses >> the strcpy() which gives log() something to print. In addition, the whole >> log(LOG_WARNING, ...) for each packet provides a wonderful denial of service >> attack (I understand this isn't new with this commit, but it's still an >> issue). > >I will correct the strcpy thing tonight. The denail os service attack is indeed >present, but we do want the logging. >A kludge would be to add yet another sysctl variable, that controls >the logging that is cleared after a number of logs, together with a message >that logging has stopped and can be restarted by resetting the flag. >Another solution is to not allow more then XXX logging entries per minut. Other bugs: new: the source of the goto is also misplaced (after a comment that doesn't apply to it). old: the declaration and initialization of `buf' have several style bugs (only one of which is fixed in the enclosed patch). Bruce diff -c2 ip_input.c~ ip_input.c *** ip_input.c~ Tue Oct 28 14:20:02 1997 --- ip_input.c Tue Oct 28 14:50:57 1997 *************** *** 947,956 **** goto bad; } /* * Loose routing, and not at next destination * yet; nothing to do except forward. */ - if (!ip_dosourceroute) - goto nosourcerouting; break; } --- 945,954 ---- goto bad; } + if (!ip_dosourceroute) + goto nosourcerouting; /* * Loose routing, and not at next destination * yet; nothing to do except forward. */ break; } *************** *** 966,972 **** if (!ip_dosourceroute) { char buf[4*sizeof "123"]; - strcpy(buf, inet_ntoa(ip->ip_dst)); nosourcerouting: log(LOG_WARNING, "attempted source route from %s to %s\n", --- 964,970 ---- if (!ip_dosourceroute) { char buf[4*sizeof "123"]; nosourcerouting: + strcpy(buf, inet_ntoa(ip->ip_dst)); log(LOG_WARNING, "attempted source route from %s to %s\n",