Hi,

This bug has cropped up on one of the systems I administer. It appears to be the result of *all* client IPv6 addresses being incorrectly translated into the IPv4 address 0.0.0.0, and so lumped in together thus enabling a denial of service.

The critical code appears to be in

vnc4-4.1.1+X4.3.0/common/network/TcpSocket.cxx

    char* TcpSocket::getPeerAddress() {
      struct sockaddr_in info;
      struct in_addr addr;
      VNC_SOCKLEN_T info_size = sizeof(info);

      getpeername(getFd(), (struct sockaddr *)&info, &info_size);
      memcpy(&addr, &info.sin_addr, sizeof(addr));

      char* name = inet_ntoa(addr);
      if (name) {
        return rfb::strDup(name);
      } else {
        return rfb::strDup("");
      }
    }

where inet_ntoa assumes an IPv4 address, so returns 0.0.0.0.

This erroneous address is then matched with other IPv6 attempts in:

vnc4-4.1.1+X4.3.0/common/rfb/VNCServerST.cxx

    void VNCServerST::addSocket(network::Socket* sock, bool outgoing)
    {
      // - Check the connection isn't black-marked
      // *** do this in getSecurity instead?
      CharArray address(sock->getPeerAddress());
      if (blHosts->isBlackmarked(address.buf)) {
        connectionsLog.error("blacklisted: %s", address.buf);
        try {
          SConnection::writeConnFailedFromScratch("Too many security failures",
                                                  &sock->outStream());

Cheers,
-- 
Brett Wuth
w...@castrov.cuug.ab.ca
w...@acm.org
Box 1251-U, Pincher Creek, Alberta T0K 1W0, CANADA
Tel:+1 403 627-2460
OpenPGP FingerPrint=628F C9DA BDBC 2A0E 18F1 2F6A 3300 8422 BE6A 0E79
What is the meaning of life?! Yes.
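
Added example, not part of the original message and not vnc4 code: it replays the quoted getPeerAddress() steps on constructed peer addresses to show why every IPv6 client yields the same blacklist key, next to a family-aware formatter. The names legacyPeerAddress, peerAddress and makePeer are hypothetical, and the sample addresses are constructed from documentation ranges.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <cstring>
#include <string>

// Mirrors the quoted getPeerAddress(): keep only sizeof(sockaddr_in) bytes of
// the peer address and format sin_addr without looking at the family.
std::string legacyPeerAddress(const sockaddr_storage& peer) {
  sockaddr_in info;
  std::memcpy(&info, &peer, sizeof(info));
  in_addr addr;
  std::memcpy(&addr, &info.sin_addr, sizeof(addr));
  // For AF_INET6 these four bytes are sin6_flowinfo, normally zero.
  const char* name = inet_ntoa(addr);
  return name ? name : "";
}

// Family-aware formatting (hypothetical replacement): dispatch on ss_family.
std::string peerAddress(const sockaddr_storage& peer) {
  char buf[INET6_ADDRSTRLEN] = "";
  if (peer.ss_family == AF_INET) {
    sockaddr_in v4;
    std::memcpy(&v4, &peer, sizeof(v4));
    inet_ntop(AF_INET, &v4.sin_addr, buf, sizeof(buf));
  } else if (peer.ss_family == AF_INET6) {
    sockaddr_in6 v6;
    std::memcpy(&v6, &peer, sizeof(v6));
    inet_ntop(AF_INET6, &v6.sin6_addr, buf, sizeof(buf));
  }
  return buf;  // empty string for an unknown family
}

// Builds a constructed peer address as getpeername() would fill it in.
sockaddr_storage makePeer(int family, const char* text) {
  sockaddr_storage ss = {};
  if (family == AF_INET) {
    sockaddr_in v4 = {};
    v4.sin_family = AF_INET;
    inet_pton(AF_INET, text, &v4.sin_addr);
    std::memcpy(&ss, &v4, sizeof(v4));
  } else {
    sockaddr_in6 v6 = {};
    v6.sin6_family = AF_INET6;
    inet_pton(AF_INET6, text, &v6.sin6_addr);
    std::memcpy(&ss, &v6, sizeof(v6));
  }
  return ss;
}
```

On a dual-stack listener, IPv4 clients arrive as IPv4-mapped addresses (::ffff:a.b.c.d), so a family-aware key for them changes form as well.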