From owner-cvs-src@FreeBSD.ORG Wed Jul 28 13:03:08 2004
Message-Id: <200407281303.i6SD38mT095564@repoman.freebsd.org>
From: Yar Tikhiy
Date: Wed, 28 Jul 2004 13:03:08 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/netinet in_pcb.c src/sys/netinet6 in6_pcb.c

yar         2004-07-28 13:03:07 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          in_pcb.c
    sys/netinet6         in6_pcb.c
  Log:
  Disallow a particular kind of port theft described by the following
  scenario:

      Alice is too lazy to write a server application in PF-independent
      manner.  Therefore she knocks up the server using PF_INET6 only
      and allows the IPv6 socket to accept mapped IPv4 as well.  An evil
      hacker known on IRC as cheshire_cat has an account in the same
      system.  He starts a process listening on the same port as used
      by Alice's server, but in PF_INET.  As a consequence, cheshire_cat
      will distract all IPv4 traffic supposed to go to Alice's server.

  Such sort of port theft was initially enabled by copying the code that
  implemented the RFC 2553 semantics on IPv4/6 sockets (see inet6(4)) for
  the implied case of the same owner for both connections.  After this
  change, the above scenario will be impossible.  In the same setting,
  the user who attempts to start his server last will get EADDRINUSE.

  Of course, using IPv4 mapped to IPv6 leads to security complications
  in the first place, but there is no reason to make it even more unsafe.

  This change doesn't apply to KAME since it affects a FreeBSD-specific
  part of the code.  It doesn't modify the out-of-box behaviour of the
  TCP/IP stack either as long as mapping IPv4 to IPv6 is off by default.

  MFC after:      1 month

  Revision  Changes    Path
  1.152     +1 -10     src/sys/netinet/in_pcb.c
  1.57      +1 -5      src/sys/netinet6/in6_pcb.c
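
An audit for the condition this commit message describes, as an added example that is not part of the original mail or of the FreeBSD source: it scans a `sockstat -l` style listing for ports where a dual-stack listener (`tcp46`/`udp46`) and an IPv4 listener belong to different users. The sample listing, the user names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of FreeBSD `sockstat -l`;
# users, commands, PIDs and ports are invented for illustration.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
alice    server     812   3  tcp46  *:8080                *:*
cheshire listener   955   4  tcp4   *:8080                *:*
alice    server     812   5  tcp46  *:8443                *:*
alice    helper     813   3  tcp4   *:8443                *:*
bob      resolver   701   6  udp4   127.0.0.1:5353        *:*
carol    web        640   3  tcp6   *:80                  *:*
dave     web4       641   3  tcp4   *:80                  *:*
"""

# "46" marks an IPv6 socket that also accepts IPv4-mapped traffic.
PROTO = re.compile(r"^(tcp|udp)(46|4|6)$")


def parse_listeners(text):
    """Yield (user, transport, family, port) for each inet listener line."""
    for line in text.splitlines():
        f = line.split()
        m = PROTO.match(f[4]) if len(f) >= 6 else None
        if not m:
            continue  # header, unix-domain sockets, short lines
        yield f[0], m.group(1), m.group(2), f[5].rpartition(":")[2]


def find_shadowed_ports(text):
    """Return (transport, port, dual_stack_owner, ipv4_owner) tuples where
    the IPv4 listener on a dual-stack port is owned by a different user."""
    by_port = defaultdict(list)
    for user, transport, family, port in parse_listeners(text):
        by_port[(transport, port)].append((user, family))
    findings = []
    for (transport, port), socks in sorted(by_port.items()):
        dual = [u for u, fam in socks if fam == "46"]
        v4 = [u for u, fam in socks if fam == "4"]
        findings.extend((transport, port, d, v)
                        for d in dual for v in v4 if d != v)
    return findings


if __name__ == "__main__":
    for transport, port, owner, other in find_shadowed_ports(SAMPLE):
        print(f"{transport}/{port}: dual-stack listener of {owner} "
              f"shares the port with an IPv4 listener of {other}")
```

Same-owner pairs (port 8443 in the sample) and IPv6-only listeners (port 80) are not reported, matching the commit's distinction between the same-owner case and a second user taking the port.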