Drop packets forwarded via TCP if they are too big (CVE-2013-1428).

[meshlink] / src / net_setup.c

diff --git a/src/net_setup.c b/src/net_setup.c
index c5c83e7b0295de546482628498d6daf1a71f8f47..bf0c5a5086eda8931d0a9f9aa1c23978307835f6 100644 (file)
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -31,6 +31,7 @@
 #include "ecdsa.h"
 #include "graph.h"
 #include "logger.h"
+#include "names.h"
 #include "net.h"
 #include "netutl.h"
 #include "process.h"
@@ -51,6 +52,7 @@ char *proxyuser;
 char *proxypass;
 proxytype_t proxytype;
 int autoconnect;
+bool disablebuggypeers;
 
 char *scriptinterpreter;
 char *scriptextension;
@@ -597,6 +599,8 @@ bool setup_myself_reloadable(void) {
 
        get_config_int(lookup_config(config_tree, "AutoConnect"), &autoconnect);
 
+       get_config_bool(lookup_config(config_tree, "DisableBuggyPeers"), &disablebuggypeers);
+
        return true;
 }
 
@@ -750,7 +754,7 @@ static bool setup_myself(void) {
        myself->nexthop = myself;
        myself->via = myself;
        myself->status.reachable = true;
-       myself->last_state_change = time(NULL);
+       myself->last_state_change = now.tv_sec;
        myself->status.sptps = experimental;
        node_add(myself);
 
@@ -807,6 +811,37 @@ static bool setup_myself(void) {
 
        /* Open sockets */
 
+#ifndef HAVE_MINGW
+       int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+       if(unix_fd < 0) {
+               logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(errno));
+               return false;
+       }
+
+       struct sockaddr_un sa;
+       sa.sun_family = AF_UNIX;
+       strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
+
+       if(connect(unix_fd, (struct sockaddr *)&sa, sizeof sa) >= 0) {
+               logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname);
+               return false;
+       }
+
+       unlink(unixsocketname);
+
+       if(bind(unix_fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
+               logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
+               return false;
+       }
+
+       if(listen(unix_fd, 3) < 0) {
+               logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(errno));
+               return false;
+       }
+
+       io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ);
+#endif
+
        if(!do_detach && getenv("LISTEN_FDS")) {
                sockaddr_t sa;
                socklen_t salen;
@@ -926,7 +961,7 @@ static bool setup_myself(void) {
                return false;
        }
 
-       last_config_check = time(NULL);
+       last_config_check = now.tv_sec;
 
        return true;
 }
@@ -991,6 +1026,11 @@ void close_network_connections(void) {
                close(listen_socket[i].udp.fd);
        }
 
+#ifndef HAVE_MINGW
+       io_del(&unix_socket);
+       close(unix_socket.fd);
+#endif
+
        char *envp[5];
        xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
        xasprintf(&envp[1], "DEVICE=%s", device ? : "");