authorTom Tsou <tom.tsou@ettus.com>2016-04-28 21:24:53 -0700
committerTom Tsou <tom.tsou@ettus.com>2016-05-02 17:35:01 -0700
commitd4555f267e284d14e9e877f8f82da8bcc2d76d7a (patch)
tree9276ea318b2bd701a057b06deaff077ce618da96
parent047956259b468724e9c9d4b6bc436f8ee1f85a57 (diff)
common: Restrict UDP binding to localhost only
Reported security vulnerability where control and data UDP packets can be injected into the transceiver externally due to socket binding to all interfaces using INADDR_ANY. Existing socket interface does not allow specifying local address; only the local port and remote address/port are arguments. Restrict socket bind to localhost with INADDR_LOOPBACK. If external interfaces do need to be used, the API should be modified to allow specifying the local socket address. Reported-by: Simone Margaritelli <simone@zimperium.com> Signed-off-by: Tom Tsou <tom.tsou@ettus.com>
-rw-r--r--CommonLibs/Sockets.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/CommonLibs/Sockets.cpp b/CommonLibs/Sockets.cpp
index dd7527c..c502a78 100644
--- a/CommonLibs/Sockets.cpp
+++ b/CommonLibs/Sockets.cpp
@@ -269,7 +269,7 @@ void UDPSocket::open(unsigned short localPort)
size_t length = sizeof(address);
bzero(&address,length);
address.sin_family = AF_INET;
- address.sin_addr.s_addr = INADDR_ANY;
+ address.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
address.sin_port = htons(localPort);
if (bind(mSocketFD,(struct sockaddr*)&address,length)<0) {
perror("bind() failed");
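Review bot: The `address.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` line is now the only thing keeping the transceiver's control and data UDP ports off external interfaces, yet nothing at the line records that, so a later change back to `INADDR_ANY` would look harmless in review. I would add a comment directly above it, for example `// Loopback only: packets on these ports are accepted without authentication; do not bind wider without adding an explicit local-address argument.` A loopback bind still accepts datagrams from any local process, so on a shared host it would be worth checking the sender's address and port against the configured peer on receive; whether the receive path already does this is not visible in this hunk. Separately, `length` is declared `size_t` but passed to `bind()`, which takes a `socklen_t`; declaring it as `socklen_t length = sizeof(address);` avoids the implicit narrowing. The body of `UDPSocket::open` continues past the end of the hunk.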