summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorwtc%netscape.com <devnull@localhost>2002-01-25 19:16:34 +0000
committerwtc%netscape.com <devnull@localhost>2002-01-25 19:16:34 +0000
commitad8d542efa552db9f174ff41784b243ec5bdac3d (patch)
tree3cd7b771a139aa9606eff85329172c59fba223d7
parent460732ede0ff62456a711989737cd07e178fd1f2 (diff)
downloadnspr-hg-ad8d542efa552db9f174ff41784b243ec5bdac3d.tar.gz
Bugzilla bug 106496: fixed the WINNT version of PR_NewTCPSocketPair toNSPRPUB_RELEASE_4_2_BETA1
verify the source of the connection.
Diffstat
-rw-r--r--pr/src/io/prsocket.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/pr/src/io/prsocket.c b/pr/src/io/prsocket.c
index 86279237..eca44852 100644
--- a/pr/src/io/prsocket.c
+++ b/pr/src/io/prsocket.c
@@ -1385,7 +1385,7 @@ PR_IMPLEMENT(PRStatus) PR_NewTCPSocketPair(PRFileDesc *f[])
*/
SOCKET listenSock;
SOCKET osfd[2];
- struct sockaddr_in selfAddr;
+ struct sockaddr_in selfAddr, peerAddr;
int addrLen;
if (!_pr_initialized) _PR_ImplicitInitialization();
@@ -1429,10 +1429,24 @@ PR_IMPLEMENT(PRStatus) PR_NewTCPSocketPair(PRFileDesc *f[])
addrLen) == SOCKET_ERROR) {
goto failed;
}
- osfd[1] = accept(listenSock, NULL, NULL);
+ /*
+ * A malicious local process may connect to the listening
+ * socket, so we need to verify that the accepted connection
+ * is made from our own socket osfd[0].
+ */
+ if (getsockname(osfd[0], (struct sockaddr *) &selfAddr,
+ &addrLen) == SOCKET_ERROR) {
+ goto failed;
+ }
+ osfd[1] = accept(listenSock, (struct sockaddr *) &peerAddr, &addrLen);
if (osfd[1] == INVALID_SOCKET) {
goto failed;
}
+ if (peerAddr.sin_port != selfAddr.sin_port) {
+ /* the connection we accepted is not from osfd[0] */
+ PR_SetError(PR_INSUFFICIENT_RESOURCES_ERROR, 0);
+ goto failed;
+ }
closesocket(listenSock);
f[0] = PR_AllocFileDesc(osfd[0], PR_GetTCPMethods());
View Lorry Controller Status