diff options
author | wtc%netscape.com <devnull@localhost> | 2002-01-25 19:16:34 +0000 |
---|---|---|
committer | wtc%netscape.com <devnull@localhost> | 2002-01-25 19:16:34 +0000 |
commit | ad8d542efa552db9f174ff41784b243ec5bdac3d (patch) | |
tree | 3cd7b771a139aa9606eff85329172c59fba223d7 | |
parent | 460732ede0ff62456a711989737cd07e178fd1f2 (diff) | |
download | nspr-hg-ad8d542efa552db9f174ff41784b243ec5bdac3d.tar.gz |
Bugzilla bug 106496: fixed the WINNT version of PR_NewTCPSocketPair toNSPRPUB_RELEASE_4_2_BETA1
verify the source of the connection.
-rw-r--r-- | pr/src/io/prsocket.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/pr/src/io/prsocket.c b/pr/src/io/prsocket.c index 86279237..eca44852 100644 --- a/pr/src/io/prsocket.c +++ b/pr/src/io/prsocket.c @@ -1385,7 +1385,7 @@ PR_IMPLEMENT(PRStatus) PR_NewTCPSocketPair(PRFileDesc *f[]) */ SOCKET listenSock; SOCKET osfd[2]; - struct sockaddr_in selfAddr; + struct sockaddr_in selfAddr, peerAddr; int addrLen; if (!_pr_initialized) _PR_ImplicitInitialization(); @@ -1429,10 +1429,24 @@ PR_IMPLEMENT(PRStatus) PR_NewTCPSocketPair(PRFileDesc *f[]) addrLen) == SOCKET_ERROR) { goto failed; } - osfd[1] = accept(listenSock, NULL, NULL); + /* + * A malicious local process may connect to the listening + * socket, so we need to verify that the accepted connection + * is made from our own socket osfd[0]. + */ + if (getsockname(osfd[0], (struct sockaddr *) &selfAddr, + &addrLen) == SOCKET_ERROR) { + goto failed; + } + osfd[1] = accept(listenSock, (struct sockaddr *) &peerAddr, &addrLen); if (osfd[1] == INVALID_SOCKET) { goto failed; } + if (peerAddr.sin_port != selfAddr.sin_port) { + /* the connection we accepted is not from osfd[0] */ + PR_SetError(PR_INSUFFICIENT_RESOURCES_ERROR, 0); + goto failed; + } closesocket(listenSock); f[0] = PR_AllocFileDesc(osfd[0], PR_GetTCPMethods()); |