fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2026-02-24 00:24:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Kernel: Stop modifying peer address/port in sendto on a TCP socket

Browse Source 
POSIX (rightfully so) specifies that the sendto address argument is
ignored in connection-oriented protocols.

The TCPSocket also assumed the peer address may not change post-connect
and would trigger a UAF in sockets_by_tuple() when it did.
This commit is contained in:
Idan Horowitz
2023-12-25 15:44:36 +02:00
committed by Andreas Kling
parent 8bb423daf7
commit da2f33df82
3 changed files with 87 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Kernel/Net/IPv4Socket.cpp
View File

@@ -204,8 +204,10 @@ ErrorOr<size_t> IPv4Socket::sendto(OpenFileDescription&, UserOrKernelBuffer cons
return set_so_error(EAFNOSUPPORT);
}
m_peer_address = IPv4Address((u8 const*)&ia.sin_addr.s_addr);
m_peer_port = ntohs(ia.sin_port);
if (type() != SOCK_STREAM) {
m_peer_address = IPv4Address((u8 const*)&ia.sin_addr.s_addr);
m_peer_port = ntohs(ia.sin_port);
}
}
if (!is_connected() && m_peer_address.is_zero())