From 45f0ba15479f1a485802e54e398ddc3196c04795 Mon Sep 17 00:00:00 2001
From: yar
Date: Thu, 20 May 2004 06:35:02 +0000
Subject: When checking for possible port theft, skip over a TCP inpcb unless it's in the closed or listening state (remote address == INADDR_ANY). If a TCP inpcb is in any other state, it's impossible to steal its local port or use it for port theft. And if there are both closed/listening and connected TCP inpcbs on the same localIP:port couple, the call to in_pcblookup_local() will find the former due to the design of that function. No objections raised in: -net, -arch MFC after: 1 month
---
 sys/netinet/in_pcb.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
(limited to 'sys/netinet/in_pcb.c')
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index c68ed23..d957307 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -332,14 +332,10 @@ in_pcbbind_setup(inp, nam, laddrp, lportp, cred)
 * XXX
 * This entire block sorely needs a rewrite.
 */
- if (t && (t->inp_vflag & INP_TIMEWAIT)) {
- if ((ntohl(sin->sin_addr.s_addr) != INADDR_ANY ||
- ntohl(t->inp_laddr.s_addr) != INADDR_ANY ||
- (intotw(t)->tw_so_options & SO_REUSEPORT) == 0) &&
- (so->so_cred->cr_uid != intotw(t)->tw_cred->cr_uid))
- return (EADDRINUSE);
- } else
 if (t &&
+ ((t->inp_vflag & INP_TIMEWAIT) == 0) &&
+ (so->so_type != SOCK_STREAM ||
+ ntohl(t->inp_faddr.s_addr) == INADDR_ANY) &&
 (ntohl(sin->sin_addr.s_addr) != INADDR_ANY ||
 ntohl(t->inp_laddr.s_addr) != INADDR_ANY ||
 (t->inp_socket->so_options &
-- 
cgit v1.1
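Review bot: The new condition at `if (t &&` encodes a security argument that appears only in the commit message: the uid check against port theft is now skipped for any TCP pcb with a non-wildcard `inp_faddr`, which is safe only as long as in_pcblookup_local() returns the closed/listening pcb when one shares the local address and port with connected ones. A comment at the condition should record that dependency, for example `/* Only closed/listening TCP pcbs (faddr == INADDR_ANY) can be port-theft victims; relies on in_pcblookup_local() preferring them over connected pcbs. */`, so a later change to the lookup order does not silently disable the check. The `(t->inp_vflag & INP_TIMEWAIT) == 0` test also appears to be what keeps the later `t->inp_socket->so_options` dereference away from TIME_WAIT pcbs (the removed branch went through `intotw(t)` instead), which deserves a word in the same comment. Note that `so->so_type` is the binding socket's type, not a property of `t`; presumably both live in the same protocol's pcb table, but that is not visible here. The condition continues past the end of the hunk.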