diff options
| author | Bill Fenner <fenner@FreeBSD.org> | 1998-09-17 18:42:16 +0000 |
|---|---|---|
| committer | Bill Fenner <fenner@FreeBSD.org> | 1998-09-17 18:42:16 +0000 |
| commit | 52b65dbe85fafaf636d9f6c8501a5504d20cfbdf (patch) | |
| tree | e9627c35053492f16e85b0a6e9b7182dd72717bb /sys/netinet/in_pcb.c | |
| parent | 0aba3bf3d27a32f7eb1032384e600b0b1857a02c (diff) | |
| download | src-52b65dbe85fafaf636d9f6c8501a5504d20cfbdf.tar.gz src-52b65dbe85fafaf636d9f6c8501a5504d20cfbdf.zip | |
Fix the bind security fix introduced in rev 1.38 to work with multicast:
- Don't bother checking for conflicting sockets if we're binding to a
multicast address.
- Don't return an error if we're binding to INADDR_ANY, the conflicting
socket is bound to INADDR_ANY, and the conflicting socket has SO_REUSEPORT
set.
PR: kern/7713
Notes
Notes:
svn path=/head/; revision=39426
Diffstat (limited to 'sys/netinet/in_pcb.c')
| -rw-r--r-- | sys/netinet/in_pcb.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 424ff9ff2787..c8ac1c0ee298 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)in_pcb.c 8.4 (Berkeley) 5/24/95 - * $Id: in_pcb.c,v 1.43 1998/04/19 17:22:30 phk Exp $ + * $Id: in_pcb.c,v 1.44 1998/05/15 20:11:32 wollman Exp $ */ #include <sys/param.h> @@ -197,10 +197,16 @@ in_pcbbind(inp, nam, p) if (ntohs(lport) < IPPORT_RESERVED && p && suser(p->p_ucred, &p->p_acflag)) return (EACCES); - if (so->so_uid) { + if (so->so_uid && + !IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { t = in_pcblookup_local(inp->inp_pcbinfo, sin->sin_addr, lport, INPLOOKUP_WILDCARD); - if (t && (so->so_uid != t->inp_socket->so_uid)) + if (t && + (ntohl(sin->sin_addr.s_addr) != INADDR_ANY || + ntohl(t->inp_laddr.s_addr) != INADDR_ANY || + (t->inp_socket->so_options & + SO_REUSEPORT) == 0) && + (so->so_uid != t->inp_socket->so_uid)) return (EADDRINUSE); } t = in_pcblookup_local(pcbinfo, sin->sin_addr, |