X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fstatd%2Fsimu.c;h=82d794e1c2667a20198f0cb24a89bcf5e95f75ca;hp=9d685adc3da3b268408954451e4298e9b2fec25b;hb=dad50c0e589b5651242de50e81200b036d995b73;hpb=c40336aa88c7a914227cc751118e165e985c2b78

diff --git a/utils/statd/simu.c b/utils/statd/simu.c
index 9d685ad..82d794e 100644
--- a/utils/statd/simu.c
+++ b/utils/statd/simu.c
@@ -7,6 +7,7 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+#include <arpa/inet.h>
 
 #include "statd.h"
 #include "notlist.h"
@@ -22,11 +23,34 @@ sm_simu_crash_1_svc (void *argp, struct svc_req *rqstp)
 {
   static char *result = NULL;
 
+#ifdef RESTRICTED_STATD
+	struct in_addr	caller;
+
+	/* 1.	Reject anyone not calling from 127.0.0.1.
+	 *	Ignore the my_name specified by the caller, and
+	 *	use "127.0.0.1" instead.
+	 */
+	caller = svc_getcaller(rqstp->rq_xprt)->sin_addr;
+	if (caller.s_addr != htonl(INADDR_LOOPBACK)) {
+		note(N_WARNING,
+			"Call to statd from non-local host %s",
+			inet_ntoa(caller));
+		goto failure;
+	}
+	if (ntohs(svc_getcaller(rqstp->rq_xprt)->sin_port) >= 1024) {
+		note(N_WARNING,
+		     "Call to statd-simu-crash from unprivileged port\n");
+		goto failure;
+	}
+#endif
   note (N_WARNING, "*** SIMULATING CRASH! ***");
   my_svc_exit ();
 
   if (rtnl)
     nlist_kill (&rtnl);
 
+#ifdef RESTRICTED_STATD
+ failure:
+#endif
   return ((void *)&result);
 }