From: Tom T. <tom...@et...> - 2016-05-03 00:55:52
Reported security vulnerability where control and data UDP
packets can be injected into the transceiver externally due
to socket binding to all interfaces using INADDR_ANY.

Existing socket interface does not allow specifying local
address; only the local port and remote address/port are
arguments.

Restrict socket bind to localhost with INADDR_LOOPBACK. If
external interfaces do need to be used, the API should be
modified to allow specifying the local socket address.

Reported-by: Simone Margaritelli <si...@zi...>
Signed-off-by: Tom Tsou <tom...@et...>
---
Sockets.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Sockets.cpp b/Sockets.cpp
index 8464616..bb00e9f 100644
--- a/Sockets.cpp
+++ b/Sockets.cpp
@@ -284,7 +284,7 @@ void UDPSocket::open(unsigned short localPort)
size_t length = sizeof(address);
bzero(&address,length);
address.sin_family = AF_INET;
- address.sin_addr.s_addr = INADDR_ANY;
+ address.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
address.sin_port = htons(localPort);
if (bind(mSocketFD,(struct sockaddr*)&address,length)<0) {
char buf[100];
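Review bot: The bind address is hard-coded at `address.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` inside the generic `UDPSocket::open(unsigned short localPort)`, so every caller of this class silently loses the ability to receive on a non-loopback interface and has no way to opt back in. The commit message already names the follow-up; I would fold it into this change by giving `open()` an optional local-address argument that defaults to loopback, so the safe behaviour is the default and a split-host deployment can still choose an explicit interface address instead of reverting to `INADDR_ANY`. A one-line comment above the assignment saying why the socket is bound to loopback would also keep a later cleanup from widening it again. Note as well that a loopback bind limits senders to processes on the same host; it does not authenticate them, so the receive path should still treat incoming control and data datagrams as untrusted input.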
--
2.4.11