Skip to content
Permalink
Browse files Browse the repository at this point in the history
common: [security fix] Make sure sockets only listen locally
  • Loading branch information
posixninja authored and nikias committed Dec 29, 2015
1 parent 4d365ee commit 4397b33
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions common/socket.c
Expand Up @@ -203,7 +203,7 @@ int socket_create(uint16_t port)

memset((void *) &saddr, 0, sizeof(saddr));
saddr.sin_family = AF_INET;
saddr.sin_addr.s_addr = htonl(INADDR_ANY);
saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
saddr.sin_port = htons(port);

if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
Expand Down Expand Up @@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port)

memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = htonl(INADDR_ANY);
addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
addr.sin_port = htons(port);

addr_len = sizeof(addr);
Expand Down

2 comments on commit 4397b33

@setharnold
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does anyone know if there's a CVE already assigned for this issue?

Thanks

@setharnold
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.