Make sure that you can only bind a more specific address when it is

done by the same uid.
Obtained from: OpenBSD

5 files changed, 15 insertions, 5 deletions

diff --git a/sys/kern/uipc_sockbuf.c b/sys/kern/uipc_sockbuf.c
index 5598081..997442d 100644
--- a/sys/kern/uipc_sockbuf.c
+++ b/sys/kern/uipc_sockbuf.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)uipc_socket2.c	8.1 (Berkeley) 6/10/93
- *	$Id: uipc_socket2.c,v 1.29 1997/09/04 17:39:16 tegge Exp $
+ *	$Id: uipc_socket2.c,v 1.30 1997/09/07 16:53:48 bde Exp $
  */
 
 #include <sys/param.h>
@@ -213,6 +213,7 @@ sonewconn(head, connstatus)
 	so->so_proto = head->so_proto;
 	so->so_timeo = head->so_timeo;
 	so->so_pgid = head->so_pgid;
+	so->so_uid = head->so_uid;
 	(void) soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat);
 
 	if ((*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL)) {
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 72897db..4debb5f 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)uipc_socket.c	8.3 (Berkeley) 4/15/94
- *	$Id: uipc_socket.c,v 1.36 1998/02/06 12:13:28 eivind Exp $
+ *	$Id: uipc_socket.c,v 1.37 1998/02/19 19:38:20 fenner Exp $
  */
 
 #include <sys/param.h>
@@ -93,6 +93,7 @@ socreate(dom, aso, type, proto, p)
 	TAILQ_INIT(&so->so_incomp);
 	TAILQ_INIT(&so->so_comp);
 	so->so_type = type;
+	so->so_uid = p->p_ucred->cr_uid;;
 	so->so_proto = prp;
 	error = (*prp->pr_usrreqs->pru_attach)(so, proto, p);
 	if (error) {
diff --git a/sys/kern/uipc_socket2.c b/sys/kern/uipc_socket2.c
index 5598081..997442d 100644
--- a/sys/kern/uipc_socket2.c
+++ b/sys/kern/uipc_socket2.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)uipc_socket2.c	8.1 (Berkeley) 6/10/93
- *	$Id: uipc_socket2.c,v 1.29 1997/09/04 17:39:16 tegge Exp $
+ *	$Id: uipc_socket2.c,v 1.30 1997/09/07 16:53:48 bde Exp $
  */
 
 #include <sys/param.h>
@@ -213,6 +213,7 @@ sonewconn(head, connstatus)
 	so->so_proto = head->so_proto;
 	so->so_timeo = head->so_timeo;
 	so->so_pgid = head->so_pgid;
+	so->so_uid = head->so_uid;
 	(void) soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat);
 
 	if ((*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL)) {
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index afa6fbd..ede159d 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)in_pcb.c	8.4 (Berkeley) 5/24/95
- *	$Id: in_pcb.c,v 1.37 1997/12/25 06:57:36 davidg Exp $
+ *	$Id: in_pcb.c,v 1.38 1998/01/27 09:15:03 davidg Exp $
  */
 
 #include <sys/param.h>
@@ -192,6 +192,12 @@ in_pcbbind(inp, nam, p)
 			if (ntohs(lport) < IPPORT_RESERVED && p &&
 			    suser(p->p_ucred, &p->p_acflag))
 				return (EACCES);
+			if (so->so_uid) {
+				t = in_pcblookup_local(inp->inp_pcbinfo,
+				    sin->sin_addr, lport, INPLOOKUP_WILDCARD);
+				if (t && (so->so_uid != t->inp_socket->so_uid))
+					return (EADDRINUSE);
+			}
 			t = in_pcblookup_local(pcbinfo, sin->sin_addr,
 			    lport, wild);
 			if (t && (reuseport & t->inp_socket->so_options) == 0)
diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h
index cce6c14..f0ae22b 100644
--- a/sys/sys/socketvar.h
+++ b/sys/sys/socketvar.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)socketvar.h	8.3 (Berkeley) 2/19/95
- * $Id: socketvar.h,v 1.23 1997/12/21 16:35:11 bde Exp $
+ * $Id: socketvar.h,v 1.24 1998/02/01 20:08:38 bde Exp $
  */
 
 #ifndef _SYS_SOCKETVAR_H_
@@ -102,6 +102,7 @@ struct socket {
 	caddr_t	so_tpcb;		/* Wisc. protocol control block XXX */
 	void	(*so_upcall) __P((struct socket *so, caddr_t arg, int waitf));
 	caddr_t	so_upcallarg;		/* Arg for above */
+	uid_t	so_uid;			/* who opened the socket */
 };
 
 /*