DCC HiJacking patch for BitchX 75p1

From: Alessio Orlandi (nailtbtat_private)
Date: Sun Oct 18 1998 - 10:50:48 PDT

    
    Hi all,
       as recently discovered, with a simple port scan you can hijack some
    of the BitchX DCC connections. This is due to the port assignment on the
    requesting client. Here follows a really short patch that will fix the
    problem. The problem is here:
    When BitchX creates a DCC connection (listening socket), it uses the
    function connect_by_number (defined in the network.c file), passing 0 as
    the port. This means that the OS will determine the port. Now.. for mental
    order.. the ports will be quite consecutive. Bad.. Bad... So.. let's add a
    random value to the port returned by the system. All is now fixed.
    Patch follows
    -----------------------------------------------------------------------------------------
    
    Regards
    Alessio "NaiL^d0d@ircnet/ircity" Orlandi
    Thanks to: hackers@ircity Litos (you are one of my best friends), Nervous,
    awgn (hehe), Lordfelix (salam), Raptor, BlackJam, kasko, antirez
    and hackers.it@ircnet Soren, NaiF, Bonjo
    ----------------------------------------------------------------------------------------
    
    
    
    --------------6EC7F8FD7D8307CEBA8B05A3
    Content-Type: text/plain; charset=us-ascii; name="BitchX-DCC.patch"
    Content-Transfer-Encoding: 7bit
    Content-Disposition: inline; filename="BitchX-DCC.patch"
    
    --- source/network.c
    +++ source/network.c            1998/7/20 08:56:44
    @@ -21,7 +21,9 @@
     #ifdef HAVE_SYS_FILIO_H
     #include <sys/filio.h>
     #endif
    
    +/* NaiL^d0d: no hijack please, we need random bytes, in stdlib.h */
    +#include <stdlib.h>
    
     extern char hostname[NAME_LEN+1];
     extern int  use_socks;
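
Review bot: nothing in this patch seeds the generator behind the `rand()` call that the new `#include <stdlib.h>` is for, so unless `srand()` is already called elsewhere in the client, every run produces the same sequence of offsets. Seed it once at startup from an unpredictable value, or draw the offset from a stronger source than `rand()`. The added comment could also name the function that needs the include.
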
    @@ -172,6 +172,7 @@
     memset(&name, 0, sizeof(struct sockaddr_in));
     name.sin_family = AF_INET;
     name.sin_addr.s_addr = htonl(INADDR_ANY);
     name.sin_port = htons(*portnum);
    +name.sin_port+=(unsigned short)(rand() &255);
    
     if (bind(fd, (struct sockaddr *)&name, sizeof(name)))
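
Review bot: the added line `name.sin_port+=(unsigned short)(rand() &255);` runs before `bind()` and after `htons()`, and both orderings are a problem. When `*portnum` is 0 the OS has not chosen a port yet, so the value handed to `bind()` is only the random byte: 0 still lets the OS pick, and any other value requests that fixed port rather than an offset from a system-assigned one. Because the addition is applied to the field already in network byte order, on a little-endian host it moves the port in steps of 256 instead of by 0 to 255, and on a big-endian host it yields ports 1 to 255, which normally need privileges to bind. Suggest choosing the port in host byte order from a wide unprivileged range, converting it once with `htons()`, and retrying when `bind()` fails. Note also that 8 bits of offset leaves at most 256 candidates, and that a non-zero `*portnum` requested by a caller is changed as well.
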
    
    --------------6EC7F8FD7D8307CEBA8B05A3--
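
The message above traces the problem to predictable listening ports. As an added example (not part of the original post or of the BitchX source), here is one way to open a listening socket on an unpredictable port: draw the port in host byte order, convert it once with `htons()`, and draw again if `bind()` fails. The range 49152-65535, the use of `/dev/urandom`, and the helper names `random_port` and `listen_random_port` are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define PORT_LO   49152u  /* assumed range: dynamic ports 49152..65535 */
#define PORT_SPAN 16384u  /* divides 65536, so the modulo below is unbiased */

/* Draw a port in host byte order from /dev/urandom; returns 0 on failure. */
static unsigned short random_port(void)
{
    unsigned short r = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return 0;
    size_t got = fread(&r, sizeof r, 1, f);
    fclose(f);
    return got == 1 ? (unsigned short)(PORT_LO + r % PORT_SPAN) : 0;
}

/* Hypothetical helper: listen on a random port; returns the fd, or -1. */
static int listen_random_port(unsigned short *port_out)
{
    for (int tries = 0; tries < 32; tries++) {
        unsigned short port = random_port();
        int fd = port ? socket(AF_INET, SOCK_STREAM, 0) : -1;
        if (fd < 0)
            return -1;
        struct sockaddr_in name = { .sin_family = AF_INET };
        name.sin_addr.s_addr = htonl(INADDR_ANY);
        name.sin_port = htons(port);   /* convert once, after choosing */
        if (bind(fd, (struct sockaddr *)&name, sizeof name) == 0 &&
            listen(fd, 1) == 0) {
            *port_out = port;
            return fd;
        }
        close(fd);                     /* port in use: draw another one */
    }
    return -1;
}

int main(void)
{
    unsigned short port;
    int fd = listen_random_port(&port);
    if (fd < 0)
        return 1;
    printf("listening on port %u\n", (unsigned)port);
    close(fd);
    return 0;
}
```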
    


