[xinetd] Add -bad-port-check patch

jsynacek jsynacek at fedoraproject.org
Mon May 14 08:41:48 UTC 2012


commit 63004d1702caf98a5fb42a94cc2211e65bc50227
Author: Jan Synacek <jsynacek at redhat.com>
Date:   Mon May 14 10:36:13 2012 +0200

    Add -bad-port-check patch

 xinetd-2.3.15-bad-port-check.patch |  106 ++++++++++++++++++++++++++++++++++++
 xinetd.spec                        |    3 +
 2 files changed, 109 insertions(+), 0 deletions(-)
---
diff --git a/xinetd-2.3.15-bad-port-check.patch b/xinetd-2.3.15-bad-port-check.patch
new file mode 100644
index 0000000..7849a96
--- /dev/null
+++ b/xinetd-2.3.15-bad-port-check.patch
@@ -0,0 +1,106 @@
+Re-introduce bad_port_check(), which upstream dropped between 2.3.13 and 2.3.14
+for it having been "rather antiquated for years", with no justification given
+for that claim.
+
+--- xinetd-2.3.15/xinetd/builtins.c	2012-05-09 17:40:29.000000000 +0200
++++ xinetd-2.3.15.new/xinetd/builtins.c	2012-05-14 10:25:00.431529805 +0200
+@@ -52,6 +52,7 @@ static void dgram_daytime(const struct s
+ static void stream_chargen(const struct server *) ;
+ static void dgram_chargen(const struct server *) ;
+ static void tcpmux_handler(const struct server *) ;
++static int bad_port_check(const union xsockaddr *, const char *);
+ 
+ /*
+  * SG - This is the call sequence to get to a built-in service
+@@ -163,6 +164,25 @@ static void stream_echo( const struct se
+       Sclose(descriptor);
+ }
+ 
++/* For internal UDP services, make sure we don't respond to our ports
++ * on other servers and to low ports of other services (such as DNS).
++ * This can cause looping.
++ */
++static int bad_port_check( const union xsockaddr *sa, const char *func )
++{
++   uint16_t port = 0;
++
++   port = ntohs( xaddrport( sa ) );
++
++   if ( port < 1024 ) {
++      msg(LOG_WARNING, func,
++         "Possible Denial of Service attack from %s %d", xaddrname(sa), port);
++      return (-1);
++   }
++
++   return (0);
++}
++
+ static void dgram_echo( const struct server *serp )
+ {
+    char            buf[ DATAGRAM_SIZE ] ;
+@@ -170,6 +190,7 @@ static void dgram_echo( const struct ser
+    ssize_t             cc ;
+    socklen_t       sin_len = 0;
+    int             descriptor = SERVER_FD( serp ) ;
++   const char      *func = "dgram_echo" ;
+ 
+    if( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) )
+       sin_len = sizeof( struct sockaddr_in );
+@@ -178,6 +199,7 @@ static void dgram_echo( const struct ser
+ 
+    cc = recvfrom( descriptor, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len ) ;
+    if ( cc != (ssize_t)-1 ) {
++      if( bad_port_check(&lsin, func) != 0 ) return;
+       (void) sendto( descriptor, buf, (size_t)cc, 0, SA( &lsin ), sizeof( lsin ) ) ;
+    }
+ }
+@@ -292,6 +314,7 @@ static void dgram_daytime( const struct
+    unsigned int    buflen      = sizeof( time_buf ) ;
+    int             descriptor  = SERVER_FD( serp ) ;
+    ssize_t         val;
++   const char      *func = "dgram_daytime" ;
+ 
+    if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) 
+       sin_len = sizeof( struct sockaddr_in );
+@@ -303,6 +326,8 @@ static void dgram_daytime( const struct
+    if ( val == (ssize_t)-1 )
+       return ;
+ 
++   if( bad_port_check(&lsin, func) != 0 ) return;
++
+    daytime_protocol( time_buf, &buflen ) ;
+    
+    (void) sendto( descriptor, time_buf, buflen, 0, SA(&lsin), sizeof( lsin ) ) ;
+@@ -359,6 +384,7 @@ static void dgram_time( const struct ser
+    socklen_t       sin_len = 0 ;
+    int             fd      = SERVER_FD( serp ) ;
+    ssize_t         val;
++   const char      *func = "dgram_time" ;
+ 
+    if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) 
+       sin_len = sizeof( struct sockaddr_in );
+@@ -368,6 +394,7 @@ static void dgram_time( const struct ser
+    val = recvfrom( fd, buf, sizeof( buf ), 0, (struct sockaddr *)( &lsin ), &sin_len );
+    if ( val == (ssize_t)-1 )
+       return ;
++   if( bad_port_check(&lsin, func) != 0 ) return;
+ 
+    time_protocol( time_buf ) ;
+    (void) sendto( fd, (char *) time_buf, 4, 0, SA( &lsin ), sin_len ) ;
+@@ -466,6 +493,7 @@ static void dgram_chargen( const struct
+    int             fd      = SERVER_FD( serp ) ;
+    unsigned int    left    = sizeof( buf ) ;
+    ssize_t         val;
++   const char      *func = "dgram_chargen" ;
+ 
+    if ( SC_IPV4( SVC_CONF( SERVER_SERVICE( serp ) ) ) ) 
+       sin_len = sizeof( struct sockaddr_in );
+@@ -480,6 +508,8 @@ static void dgram_chargen( const struct
+    bad_variable = 1 ;      /* this will cause a compilation error */
+ #endif
+ 
++   if( bad_port_check(&lsin, func) != 0 ) return;
++
+    for ( p = buf ; left > 2 ; left -= len, p += len )
+    {
+       len = min( LINE_LENGTH+2, left ) ;
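Review bot: The rejection path in `bad_port_check` (L51-L55) calls `msg(LOG_WARNING, ...)` once per datagram with no throttling, so a sender forging source ports below 1024 can drive syslog at packet rate — the "Denial of Service" the message warns about is moved into the logger rather than prevented. Consider counting rejections in a `static unsigned` and emitting the warning only on the first hit and every Nth thereafter, e.g. `if ( rejected++ % 100 == 0 ) msg(LOG_WARNING, func, "Possible Denial of Service attack from %s %d (%u rejected)", xaddrname(sa), port, rejected);`. Note also that the check only blocks reflection toward privileged ports; a spoofed source with a high port still receives the full reply (most costly for chargen), which the patch header does not claim to address but is worth stating in the comment above the function. In `dgram_chargen` the check is inserted after the `#endif` with the `recvfrom` that fills `lsin` outside the hunk, so confirm `lsin` is populated before that point; all four callers start and end outside the hunk.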
diff --git a/xinetd.spec b/xinetd.spec
index 372107f..6abb400 100644
--- a/xinetd.spec
+++ b/xinetd.spec
@@ -52,6 +52,7 @@ Patch24: xinetd-2.3.14-leaking-fds-2a.patch
 Patch25: xinetd-2.3.14-instances.patch
 # Fix #809272 - Service disabled due to bind failure
 Patch26: xinetd-2.3.14-retry-svc-activate-in-cps-restart.patch
+Patch27: xinetd-2.3.15-bad-port-check.patch
 
 BuildRequires: autoconf, automake
 BuildRequires: libselinux-devel >= 1.30
@@ -105,6 +106,7 @@ located in the /etc/xinetd.d directory.
 %patch24 -p1 -b .leaking-fds-2a
 %patch25 -p1 -b .instances
 %patch26 -p1 -b .retry-svc-activate
+%patch27 -p1 -b .bad-port-check
 
 aclocal
 autoconf
@@ -180,6 +182,7 @@ fi
   (-log-crash, -tcp_rpc, -label, -contextconf, -ssize_t)
 - Update -pie, -PIE, -poll patch
 - Resolves: #820927
+- Add -bad-port-check patch
 
 * Fri Apr 13 2012 Jan Synáček <jsynacek at redhat.com> - 2:2.3.14-46
 - Fix: service file: avoid problems when name resolution is not ready

