Commit 715e6b6b authored by Kenton Varda's avatar Kenton Varda Committed by GitHub

Merge pull request #556 from capnproto/capability-stream

Make win32Socketpair() more secure
parents 8851c85d 9a9fd5f6
...@@ -149,10 +149,29 @@ int win32Socketpair(SOCKET socks[2]) { ...@@ -149,10 +149,29 @@ int win32Socketpair(SOCKET socks[2]) {
if (connect(socks[0], &a.addr, sizeof(a.inaddr)) == SOCKET_ERROR) if (connect(socks[0], &a.addr, sizeof(a.inaddr)) == SOCKET_ERROR)
break; break;
retryAccept:
socks[1] = accept(listener, NULL, NULL); socks[1] = accept(listener, NULL, NULL);
if (socks[1] == -1) if (socks[1] == -1)
break; break;
// Verify that the client is actually us and not someone else who raced to connect first.
// (This check added by Kenton for security.)
union {
struct sockaddr_in inaddr;
struct sockaddr addr;
} b, c;
socklen_t bAddrlen = sizeof(b.inaddr);
socklen_t cAddrlen = sizeof(b.inaddr);
if (getpeername(socks[1], &b.addr, &bAddrlen) == SOCKET_ERROR)
break;
if (getsockname(socks[0], &c.addr, &cAddrlen) == SOCKET_ERROR)
break;
if (bAddrlen != cAddrlen || memcmp(&b.addr, &c.addr, bAddrlen) != 0) {
// Someone raced to connect first. Ignore.
closesocket(socks[1]);
goto retryAccept;
}
closesocket(listener); closesocket(listener);
return 0; return 0;
} }
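Review bot: The `memcmp(&b.addr, &c.addr, bAddrlen)` check compares the whole `sockaddr_in`, including the `sin_zero` padding, and `b` and `c` are declared without initializers. If `getpeername()` and `getsockname()` do not fill that padding identically, the genuine peer is rejected and `goto retryAccept` goes back to an `accept()` that, as far as this hunk shows, has no further connection to return, so the call would hang. Comparing only the meaningful fields avoids depending on the padding: `if (b.inaddr.sin_family != c.inaddr.sin_family || b.inaddr.sin_port != c.inaddr.sin_port || b.inaddr.sin_addr.s_addr != c.inaddr.sin_addr.s_addr) {`. The function starts before this hunk and its error cleanup is not visible, so it is worth confirming that the two new `break` paths close the already-accepted `socks[1]`.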
......