[SECURITY]net/tcp: sanity check for the listen address #4603
Conversation
The changes seem fine, but I may lack the knowledge of the TCP stack to evaluate them properly.
Yes, that is why the code passes the check if either of the two addresses matches. The hardcoded one represents the any address. The caller can specify the netdev IP to accept connections from only that device, or the all-zero IP to accept connections from any netdev. Actually, this behaviour is specified in the spec.
See the above comment.
Oh, right. I had misunderstood that part of the code. Thanks for the clarification.
Signed-off-by: chao.an <anchao@xiaomi.com>
Summary
net/tcp: sanity check for the listen address
The TCP stack only checks the visitor's port number on the listening port,
which lets external hosts arbitrarily access local resources in the NuttX system.
In this PR we added an address check on the listener port and reject malicious connections if the address check fails.
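The listener match described in this PR and in the review comment above, written out as an added example in C (not code from the NuttX tree). The struct layout, the `IPADDR_ANY` constant and the function names are assumptions for illustration; addresses are plain 32-bit integers built by `ip4()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A listening socket: bound port and bound IPv4 address.
 * An all-zero address means "any", i.e. accept on every netdev. */
struct listener {
  uint16_t port;
  uint32_t addr;
};

/* Destination port and address taken from an incoming SYN. */
struct syn_info {
  uint16_t dst_port;
  uint32_t dst_addr;
};

#define IPADDR_ANY 0x00000000u   /* assumed name for the all-zero address */

/* Build a 32-bit IPv4 value from dotted components (assumed helper). */
uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
  return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* Behaviour before the fix: only the port is compared, so a SYN that
 * arrives on any interface or address is accepted for this listener. */
bool listener_matches_port_only(const struct listener *l, const struct syn_info *s)
{
  return l->port == s->dst_port;
}

/* Behaviour after the fix: the port must match AND the destination address
 * must equal the bound address, unless the listener is bound to "any". */
bool listener_matches_addr_and_port(const struct listener *l, const struct syn_info *s)
{
  if (l->port != s->dst_port)
    return false;
  return l->addr == IPADDR_ANY || l->addr == s->dst_addr;
}

int main(void)
{
  /* Constructed sample: listener bound to 10.0.0.5:80, SYN sent to 192.168.1.1:80. */
  struct listener l = { 80, ip4(10, 0, 0, 5) };
  struct syn_info s = { 80, ip4(192, 168, 1, 1) };
  printf("port-only: %d, addr+port: %d\n",
         listener_matches_port_only(&l, &s),
         listener_matches_addr_and_port(&l, &s));
  return 0;
}
```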
Impact
tcp stack accept
Testing
TCP test connecting to the NuttX system