author | wtc%netscape.com <devnull@localhost> | 2002-01-23 02:41:13 +0000 |
---|---|---|
committer | wtc%netscape.com <devnull@localhost> | 2002-01-23 02:41:13 +0000 |
commit | 598873b69c96733dd609ed7a20955a1da1906f4d (patch) | |
tree | 47cd892f33fadde3176adada7ef24fcba7bfb7b4 | |
parent | f908b0a8760867a3a6beb4b175340a0fd56f7804 (diff) | |
download | nspr-hg-598873b69c96733dd609ed7a20955a1da1906f4d.tar.gz |
Bugzilla bug 106496: PR_NewTCPSocketPair should check the source of the
connection.
-rw-r--r-- | pr/src/io/prsocket.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/pr/src/io/prsocket.c b/pr/src/io/prsocket.c
index 217b6fd0..86279237 100644
--- a/pr/src/io/prsocket.c
+++ b/pr/src/io/prsocket.c
@@ -1469,7 +1469,7 @@ failed:
 * default implementation
 */
 PRFileDesc *listenSock;
- PRNetAddr selfAddr;
+ PRNetAddr selfAddr, peerAddr;
 PRUint16 port;
 f[0] = f[1] = NULL;
@@ -1507,10 +1507,23 @@ failed:
 == PR_FAILURE) {
 goto failed;
 }
- f[1] = PR_Accept(listenSock, NULL, PR_INTERVAL_NO_TIMEOUT);
+ /*
+ * A malicious local process may connect to the listening
+ * socket, so we need to verify that the accepted connection
+ * is made from our own socket f[0].
+ */
+ if (PR_GetSockName(f[0], &selfAddr) == PR_FAILURE) {
+ goto failed;
+ }
+ f[1] = PR_Accept(listenSock, &peerAddr, PR_INTERVAL_NO_TIMEOUT);
 if (f[1] == NULL) {
 goto failed;
 }
+ if (peerAddr.inet.port != selfAddr.inet.port) {
+ /* the connection we accepted is not from f[0] */
+ PR_SetError(PR_INSUFFICIENT_RESOURCES_ERROR, 0);
+ goto failed;
+ }
 PR_Close(listenSock);
 return PR_SUCCESS;
@@ -1521,6 +1534,9 @@ failed:
 if (f[0]) {
 PR_Close(f[0]);
 }
+ if (f[1]) {
+ PR_Close(f[1]);
+ }
 return PR_FAILURE;
 #endif
 } |
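Review bot: The peer check in the second hunk compares only `inet.port`, so an accepted connection whose source port equals that of f[0] but whose source address differs would still be treated as f[0]; comparing the address as well closes that gap, e.g. `if (peerAddr.inet.port != selfAddr.inet.port || peerAddr.inet.ip != selfAddr.inet.ip) {`. How the listening socket is bound lies outside the hunk, so the practical exposure depends on whether it is restricted to loopback. On a mismatch the function fails instead of closing the stray connection and accepting again, so any foreign connection that arrives first becomes a hard failure for the caller, and `PR_INSUFFICIENT_RESOURCES_ERROR` does not say why. If failing closed is intended, a short comment saying so next to the `PR_SetError` call would help the next reader.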
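Review bot: After the added `PR_Close(f[1])` in the third hunk, the failure path returns with `f[0]` and `f[1]` still holding the closed descriptors, so a caller that inspects or closes the array entries after PR_FAILURE would touch stale pointers. Resetting them with `f[0] = f[1] = NULL;` just before `return PR_FAILURE;` would mirror the initialisation at the top of the function. The `failed:` block begins outside this hunk, so whether anything earlier in it already relies on these values is not visible here.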