listening sockets to be talked to by non-local hosts, reinstate the
explicit peer address check on connection acceptance.
git-svn-id: svn://svn.tartarus.org/sgt/putty@1306
cda61777-01e9-0310-a592-
d414129be87e
int frozen; /* this causes readability notifications to be ignored */
int frozen_readable; /* this means we missed at least one readability
* notification while we were frozen */
int frozen; /* this causes readability notifications to be ignored */
int frozen_readable; /* this means we missed at least one readability
* notification while we were frozen */
+ int localhost_only; /* for listening sockets */
char oobdata[1];
int sending_oob;
int oobinline;
char oobdata[1];
int sending_oob;
int oobinline;
ret->sending_oob = 0;
ret->frozen = 1;
ret->frozen_readable = 0;
ret->sending_oob = 0;
ret->frozen = 1;
ret->frozen_readable = 0;
+ ret->localhost_only = 0; /* unused, but best init anyway */
ret->sending_oob = 0;
ret->frozen = 0;
ret->frozen_readable = 0;
ret->sending_oob = 0;
ret->frozen = 0;
ret->frozen_readable = 0;
+ ret->localhost_only = 0; /* unused, but best init anyway */
ret->sending_oob = 0;
ret->frozen = 0;
ret->frozen_readable = 0;
ret->sending_oob = 0;
ret->frozen = 0;
ret->frozen_readable = 0;
+ ret->localhost_only = local_host_only;
return open;
case FD_ACCEPT:
{
return open;
case FD_ACCEPT:
{
- struct sockaddr isa;
- int addrlen = sizeof(struct sockaddr);
+ struct sockaddr_in isa;
+ int addrlen = sizeof(struct sockaddr_in);
SOCKET t; /* socket of connection */
SOCKET t; /* socket of connection */
- memset(&isa, 0, sizeof(struct sockaddr));
+ memset(&isa, 0, sizeof(struct sockaddr_in));
err = 0;
t = accept(s->s,&isa,&addrlen);
if (t == INVALID_SOCKET)
err = 0;
t = accept(s->s,&isa,&addrlen);
if (t == INVALID_SOCKET)
- if (plug_accepting(s->plug, (void*)t)) {
+ if (s->localhost_only &&
+ ntohl(isa.sin_addr.s_addr) != INADDR_LOOPBACK) {
+ closesocket(t); /* dodgy WinSock let nonlocal through */
+ } else if (plug_accepting(s->plug, (void*)t)) {
closesocket(t); /* denied or error */
}
}
closesocket(t); /* denied or error */
}
}
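Review bot: The new loopback test `ntohl(isa.sin_addr.s_addr) != INADDR_LOOPBACK` reads the IPv4 address field without first confirming that accept() returned an AF_INET address, so the security decision depends on a family and length the code never inspects. Making the guard fail closed explicitly would be safer and easier to audit: `if (s->localhost_only && (isa.sin_family != AF_INET || ntohl(isa.sin_addr.s_addr) != INADDR_LOOPBACK)) {`. Now that `isa` is a `struct sockaddr_in`, the unchanged call should also cast its argument, `t = accept(s->s, (struct sockaddr *)&isa, &addrlen);`, so it no longer passes an incompatible pointer type. The exact-match comparison admits only 127.0.0.1 rather than all of 127.0.0.0/8, which is the stricter choice and worth stating in the comment beside `closesocket(t)`. The enclosing function starts outside the lines shown, and the INVALID_SOCKET handling between accept() and this check is not visible here, so confirm the check is never reached with an invalid `t`.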