From 995bae51b11d8311804cef4252c98f3f3e5facdd Mon Sep 17 00:00:00 2001
From: bodea
Date: Fri, 17 Feb 2006 13:27:07 +0000
Subject: [PATCH 1/1] validate source of RADIUS packets
---
 Changes | 3 ++-
 l2tpns.c | 14 +++++++++++---
 l2tpns.spec | 2 +-
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/Changes b/Changes
index df49e0d..d4c668c 100644
--- a/Changes
+++ b/Changes
@@ -1,8 +1,9 @@
-* Fri Jan 20 2006 Brendan O'Dea 2.1.16
+* Sat Feb 18 2006 Brendan O'Dea 2.1.16
 - Send configured magic-no in LCP EchoReq when LCP is opened.
 - Correct addition of single IP to pool (Jonathan Yarden).
 - Handle LCP NAK of magic-number.
 - Ensure session changes from LCP ConfigReq/ConfigNak are sent to cluster.
+- Verify that RADIUS packets come from a configured server (Jonathan Yarden).
 * Mon Dec 19 2005 Brendan O'Dea 2.1.15
 - Drop backtrace.
diff --git a/l2tpns.c b/l2tpns.c
index ecae249..804e1ad 100644
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.155 2006/01/19 20:55:03 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.156 2006/02/17 13:27:07 bodea Exp $";
 #include
 #include
@@ -3301,9 +3301,17 @@ static void mainloop(void)
 break;
 case FD_TYPE_RADIUS: // RADIUS response
- s = recv(radfds[d->index], buf, sizeof(buf), 0);
+ alen = sizeof(addr);
+ s = recvfrom(radfds[d->index], buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen);
 if (s >= 0 && config->cluster_iam_master)
- processrad(buf, s, d->index);
+ {
+ if (addr.sin_addr.s_addr == config->radiusserver[0] ||
+ addr.sin_addr.s_addr == config->radiusserver[1])
+ processrad(buf, s, d->index);
+ else
+ LOG(3, 0, 0, "Dropping RADIUS packet from unknown source %s\n",
+ fmtaddr(addr.sin_addr.s_addr, 0));
+ }
 n--;
 break;
diff --git a/l2tpns.spec b/l2tpns.spec
index eff1e7c..9ddfa9d 100644
--- a/l2tpns.spec
+++ b/l2tpns.spec
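Review bot: The source check added to the FD_TYPE_RADIUS case of mainloop() in l2tpns.c compares only against `config->radiusserver[0]` and `config->radiusserver[1]`, so if the configuration can hold more than two servers (the array's size is not visible in this hunk), replies from the others would now be dropped as "unknown source". Looping over every configured entry instead of naming two indices would avoid that. If an unset slot is stored as 0, the loop should also skip it so that a zero source address cannot match an empty entry. The match is on source IP alone, which can be forged over UDP, so it is a pre-filter and not a substitute for verifying the RADIUS Response Authenticator; whether processrad() does that is not visible here. mainloop() begins and ends outside the hunk.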
@@ -43,5 +43,5 @@ rm -rf %{buildroot}
 %attr(644,root,root) /usr/share/man/man[58]/*
 %changelog
-* Fri Jan 20 2006 Brendan O'Dea 2.1.16-1
+* Sat Feb 18 2006 Brendan O'Dea 2.1.16-1
 - 2.1.16 release, see /usr/share/doc/l2tpns-2.1.16/Changes
--
2.20.1