
lynx-dev [PATCH] Blocking common ports


From: Ulf Harnhammar
Subject: lynx-dev [PATCH] Blocking common ports
Date: Wed, 4 Sep 2002 18:57:11 +0200 (CEST)

Hello,

I have written a patch that makes Lynx block several common
ports. Previously, it only blocked ports 19 and 25, and as you can send
mail with the Submission service at port 587, it wasn't very
effective. I've added a check for that and several other common services
that you don't want people to connect to with web clients.

I have patched against 2.8.5dev.8.

// Ulf Harnhammar
address@hidden
http://www.metaur.nu/


--- lynx2-8-5/src/LYGetFile.c.old       2002-09-04 18:43:50.000000000 +0200
+++ lynx2-8-5/src/LYGetFile.c   2002-09-04 18:44:04.000000000 +0200
@@ -141,9 +141,8 @@
        CTRACE((tfp,"getfile: getting %s\n\n",doc->address));
 
        /*
-        *  Protect against denial of service attacks
-        *  via the port 19 CHARGEN service, and block
-        *  connections to the port 25 ESMTP service.
+        *  Block connections to several common ports below 1024. - Ulf
+        *
         *  Also reject any likely spoof attempts via
         *  wrap arounds at 65536. - FM
         */
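Review bot: The replacement comment drops the rationale the old text carried (denial of service via the port 19 CHARGEN service, blocking the port 25 ESMTP service) and says only "several common ports below 1024" without naming them or saying why. Suggest keeping a short reason and either listing the blocked ports here or pointing at the condition that holds them, so the comment and the check can be compared when the list changes. The otherwise empty " *" line added after it can be dropped unless the file uses it as a paragraph separator.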
@@ -158,17 +157,15 @@
 
                cp++;
                if (sscanf(cp, "%ld", &value) == 1) {
-                   if (value == 19 || value == 65555) {
-                       HTAlert(PORT_NINETEEN_INVALID);
-                       FREE(temp);
-                       return(NULLFILE);
-                   }
-                   if (value == 25 || value == 65561) {
-                       HTAlert(PORT_TWENTYFIVE_INVALID);
-                       FREE(temp);
-                       return(NULLFILE);
-                   }
-                   if (value > 65535 || value < 0) {
+                   if (value > 65535 || value < 0 ||
+                       value == 7 || value == 9 ||
+                       value == 13 || value == 19 ||
+                       value == 25 || value == 43 ||
+                       value == 53 || value == 69 ||
+                       value == 79 || value == 110 ||
+                       value == 113 || value == 143 ||
+                       value == 161 || value == 389 ||
+                       value == 587) {
                        char *msg = 0;
                        HTSprintf0(&msg, PORT_INVALID, (unsigned long)value);
                        HTAlert(msg);
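Review bot: The fifteen-term "value == N" chain folded into the range check is hard to audit and to extend, and nothing in the condition says which service each number stands for. Suggest moving the ports into a small static array with a comment per entry and looping over it, keeping "value > 65535 || value < 0" as its own test; that range test already rejects the wrap-around aliases (65555, 65561) that the removed branches handled, which is worth stating in the comment. Two follow-ups from the removed lines: PORT_NINETEEN_INVALID and PORT_TWENTYFIVE_INVALID are no longer referenced by this code, so their definitions should be removed or kept deliberately, and every blocked port now reports through the generic PORT_INVALID message, which tells the user the port is invalid rather than blocked; a distinct message for the denylist case would make the refusal easier to understand.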

