
Commit 450b114a authored by Pavlin Radoslavov's avatar Pavlin Radoslavov

Disable remote TCP connections

For security reasons, TCP sockets now listen only on the loopback
IPv4 address 127.0.0.1 for incoming TCP connections.

Bug: 23272146
Change-Id: I88523f643f305f2281740575d7011b6077bf0843
parent 7316b506
+2 −2
@@ -45,8 +45,8 @@ socket_t *socket_new_from_fd(int fd);
void socket_free(socket_t *socket);

// Puts |socket| in listening mode for incoming TCP connections on the specified
// |port|. Returns true on success, false on failure (e.g. |port| is bound by
// another socket). |socket| may not be NULL.
// |port| and the loopback IPv4 address. Returns true on success, false on
// failure (e.g. |port| is bound by another socket). |socket| may not be NULL.
bool socket_listen(const socket_t *socket, port_t port);

// Blocks on a listening socket, |socket|, until a client connects to it. Returns
+4 −1
@@ -34,6 +34,9 @@
#include "osi/include/reactor.h"
#include "osi/include/socket.h"

// The IPv4 loopback address: 127.0.0.1
static const in_addr_t LOCALHOST_ = 0x7f000001;

struct socket_t {
  int fd;
  reactor_object_t *reactor_object;
@@ -100,7 +103,7 @@ bool socket_listen(const socket_t *socket, port_t port) {

  struct sockaddr_in addr;
  addr.sin_family = AF_INET;
  addr.sin_addr.s_addr = 0;
  addr.sin_addr.s_addr = htonl(LOCALHOST_);
  addr.sin_port = htons(port);
  if (bind(socket->fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
    LOG_ERROR("%s unable to bind socket to port %u: %s", __func__, port, strerror(errno));
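Review bot: Binding to 127.0.0.1 in socket_listen keeps remote hosts out, but every local process on the device can still connect to the port, and nothing in this hunk shows the accepted peer being checked. If these listeners carry anything sensitive, the accept path should verify the peer or the transport should move to a UNIX domain socket guarded by filesystem permissions; at minimum a comment such as `// Loopback only: reachable by any local process, not authenticated.` above the assignment would record the limit. `LOCALHOST_` restates the standard `INADDR_LOOPBACK`, so `addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` would drop the hand-written constant, assuming `<netinet/in.h>` is already included as the use of `in_addr_t` suggests. `addr` is also declared without an initializer, which leaves `sin_zero` indeterminate when it is passed to bind(); `struct sockaddr_in addr = {0};` fixes that. The body of socket_listen starts and ends outside the hunk.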