From owner-freebsd-bugs  Sat Jan 31 11:10:02 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA20199
          for freebsd-bugs-outgoing; Sat, 31 Jan 1998 11:10:02 -0800 (PST)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA20193;
          Sat, 31 Jan 1998 11:10:01 -0800 (PST)
          (envelope-from gnats)
Received: from sprite65.doc.ic.ac.uk (sprite65.doc.ic.ac.uk [146.169.50.65])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA19471
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 31 Jan 1998 11:00:41 -0800 (PST)
          (envelope-from jami@sprite65.doc.ic.ac.uk)
Received: (from jami@localhost)
	by sprite65.doc.ic.ac.uk (8.8.8/8.8.8) id SAA00642;
	Sat, 31 Jan 1998 18:58:55 GMT
	(envelope-from jami)
Message-Id: <199801311858.SAA00642@sprite65.doc.ic.ac.uk>
Date: Sat, 31 Jan 1998 18:58:55 GMT
From: njs3@doc.ic.ac.uk
Reply-To: njs3@doc.ic.ac.uk
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: kern/5611: bind does not check sockaddr.sin_family corresponds to socket type
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe freebsd-bugs"


>Number:         5611
>Category:       kern
>Synopsis:       bind does not check sockaddr->sin_family corresponds to socket type
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 31 11:10:00 PST 1998
>Last-Modified:
>Originator:     Niall Smart
>Organization:
>Release:        FreeBSD 3.0-971225-SNAP i386
>Environment:
>Description:

the bind() syscall does not check that the sin_family member of the
sockaddr passed is appropriate for the type of socket that the bind
is being applied to

>How-To-Repeat:

        struct sockaddr_in      sin;
	int			fd;

        if ( (fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
                perror("socket");
                exit(1);
        }

        bzero(&sin, sizeof(sin));

        sin.sin_port = htons(3456);
        sin.sin_family = AF_UNIX;
        sin.sin_addr.s_addr = htonl(INADDR_ANY);

        if (bind(fd, (struct sockaddr*) &sin, sizeof(sin)) < 0) {
                perror("bind");
                exit(1);
        }

The above code executes successfully, however bind should return -1
because sin.sin_family is AF_UNIX, not AF_INET.

>Fix:
	
	

>Audit-Trail:
>Unformatted: