diff options
author | yar <yar@FreeBSD.org> | 2004-05-20 06:35:02 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2004-05-20 06:35:02 +0000 |
commit | 45f0ba15479f1a485802e54e398ddc3196c04795 (patch) | |
tree | 925c48d129b678f73dcc9699131a4e82018aaeb0 /sys/netinet/in_pcb.c | |
parent | e70686331d648a97a8708579bb2cd9e0d1721bda (diff) | |
download | FreeBSD-src-45f0ba15479f1a485802e54e398ddc3196c04795.zip FreeBSD-src-45f0ba15479f1a485802e54e398ddc3196c04795.tar.gz |
When checking for possible port theft, skip over a TCP inpcb
unless it's in the closed or listening state (remote address
== INADDR_ANY).
If a TCP inpcb is in any other state, it's impossible to steal
its local port or use it for port theft. And if there are
both closed/listening and connected TCP inpcbs on the same
localIP:port couple, the call to in_pcblookup_local() will
find the former due to the design of that function.
No objections raised in: -net, -arch
MFC after: 1 month
Diffstat (limited to 'sys/netinet/in_pcb.c')
-rw-r--r-- | sys/netinet/in_pcb.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index c68ed23..d957307 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -332,14 +332,10 @@ in_pcbbind_setup(inp, nam, laddrp, lportp, cred) * XXX * This entire block sorely needs a rewrite. */ - if (t && (t->inp_vflag & INP_TIMEWAIT)) { - if ((ntohl(sin->sin_addr.s_addr) != INADDR_ANY || - ntohl(t->inp_laddr.s_addr) != INADDR_ANY || - (intotw(t)->tw_so_options & SO_REUSEPORT) == 0) && - (so->so_cred->cr_uid != intotw(t)->tw_cred->cr_uid)) - return (EADDRINUSE); - } else if (t && + ((t->inp_vflag & INP_TIMEWAIT) == 0) && + (so->so_type != SOCK_STREAM || + ntohl(t->inp_faddr.s_addr) == INADDR_ANY) && (ntohl(sin->sin_addr.s_addr) != INADDR_ANY || ntohl(t->inp_laddr.s_addr) != INADDR_ANY || (t->inp_socket->so_options & |