From 1e6c4ac0174cfa24a390a038045b0f631c8d52ba Mon Sep 17 00:00:00 2001
From: Sylvain Rochet
Date: Sun, 6 Nov 2016 17:39:59 +0100
Subject: [PATCH] PPP, IPCP: check that the peer is allowed to use the IP address it wants This is done in the pppd upstream and was disabled because we don't have the allowed addresses list required for the auth_ip_addr function. This is mostly necessary for PPP in server mode to prevent the peer to use the IP address it wants instead of the one we want, which is currently allowed. Rewrite auth_ip_addr in a simple way where we forbid PPP peer to use loopback net, a multicast address or a reserved class address. Added to that we consider that PPP in server mode with peer required to authenticate must provide the peer IP address, reject any IP address wanted by peer different than the one we wanted. This is actually an allowed addresses "list" of one entry that follows what is done in the unused auth_ip_addr function.
---
 src/netif/ppp/ipcp.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/netif/ppp/ipcp.c b/src/netif/ppp/ipcp.c
index 29fb188c..b7c766eb 100644
--- a/src/netif/ppp/ipcp.c
+++ b/src/netif/ppp/ipcp.c
@@ -1939,11 +1939,29 @@ static void ipcp_up(fsm *f) {
 }
 #endif /* LWIP_DNS */
-/* FIXME: check why it fails, just to know */
-#if 0 /* Unused */
 /*
 * Check that the peer is allowed to use the IP address it wants.
 */
+ if (ho->hisaddr != 0) {
+ u32_t addr = lwip_ntohl(ho->hisaddr);
+ if ((addr >> IP_CLASSA_NSHIFT) == IP_LOOPBACKNET
+ || IP_MULTICAST(addr) || IP_BADCLASS(addr)
+ /*
+ * For now, consider that PPP in server mode with peer required
+ * to authenticate must provide the peer IP address, reject any
+ * IP address wanted by peer different than the one we wanted.
+ */
+#if PPP_SERVER && PPP_AUTH_SUPPORT
+ || (pcb->settings.auth_required && wo->hisaddr != ho->hisaddr)
+#endif /* PPP_SERVER && PPP_AUTH_SUPPORT */
+ ) {
+ ppp_error("Peer is not authorized to use remote address %I", ho->hisaddr);
+ ipcp_close(pcb, "Unauthorized remote IP address");
+ return;
+ }
+ }
+#if 0 /* Unused */
+ /* Upstream checking code */
 if (ho->hisaddr != 0 && !auth_ip_addr(f->unit, ho->hisaddr)) {
 ppp_error("Peer is not authorized to use remote address %I", ho->hisaddr);
 ipcp_close(f->unit, "Unauthorized remote IP address");
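Review bot: The `wo->hisaddr != ho->hisaddr` test in the added condition is also true when `wo->hisaddr` is 0, so with `auth_required` set and no peer address configured every peer appears to be rejected with "Peer is not authorized to use remote address", which points the operator at the peer instead of at the missing setting. Logging that case separately before the close would make it diagnosable, e.g. `if (wo->hisaddr == 0) ppp_error("auth_required is set but no peer IP address is configured");`. The comparison is also gated on `auth_required` and on the compile-time `#if PPP_SERVER && PPP_AUTH_SUPPORT`, so a server-mode link that does not require authentication still accepts any peer-chosen address outside loopback, multicast and the reserved class; the "For now" comment should state that limit explicitly so the block is not read as full address authorization. ipcp_up begins and ends outside this hunk, so any earlier handling of `ho->hisaddr` is not visible here.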