From d2199cbb8f361772819402b56e6fa46587a31c56 Mon Sep 17 00:00:00 2001
From: Pavlin Radoslavov
Date: Mon, 17 Aug 2015 18:54:22 -0700
Subject: [PATCH] Disable remote TCP connections

For security reasons, TCP sockets now listen on the loopback IPv4 address 127.0.0.1 for incoming TCP connections.

Bug: 23272146
Change-Id: I88523f643f305f2281740575d7011b6077bf0843
---
 osi/include/socket.h | 4 ++--
 osi/src/socket.c | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/osi/include/socket.h b/osi/include/socket.h
index e2d0888c1..28332901d 100644
--- a/osi/include/socket.h
+++ b/osi/include/socket.h
@@ -45,8 +45,8 @@ socket_t *socket_new_from_fd(int fd);
 void socket_free(socket_t *socket);

 // Puts |socket| in listening mode for incoming TCP connections on the specified
-// |port|. Returns true on success, false on failure (e.g. |port| is bound by
-// another socket). |socket| may not be NULL.
+// |port| and the loopback IPv4 address. Returns true on success, false on
+// failure (e.g. |port| is bound by another socket). |socket| may not be NULL.
 bool socket_listen(const socket_t *socket, port_t port);

 // Blocks on a listening socket, |socket|, until a client connects to it. Returns
diff --git a/osi/src/socket.c b/osi/src/socket.c
index 8841d5605..91f084e79 100644
--- a/osi/src/socket.c
+++ b/osi/src/socket.c
@@ -34,6 +34,9 @@
 #include "osi/include/reactor.h"
 #include "osi/include/socket.h"

+// The IPv4 loopback address: 127.0.0.1
+static const in_addr_t LOCALHOST_ = 0x7f000001;
+
 struct socket_t {
 int fd;
 reactor_object_t *reactor_object;
@@ -100,7 +103,7 @@ bool socket_listen(const socket_t *socket, port_t port) {

 struct sockaddr_in addr;
 addr.sin_family = AF_INET;
-addr.sin_addr.s_addr = 0;
+addr.sin_addr.s_addr = htonl(LOCALHOST_);
 addr.sin_port = htons(port);
 if (bind(socket->fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
 LOG_ERROR("%s unable to bind socket to port %u: %s", __func__, port, strerror(errno));
-- 
2.11.0
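Review bot: The new `LOCALHOST_` constant in osi/src/socket.c hand-codes the loopback address as `0x7f000001`, although `<netinet/in.h>` already defines `INADDR_LOOPBACK` with the same host-order value. Writing the bind site as `addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` would remove the private constant and the chance that a later edit to the literal silently changes the listen address. The include list is only partly visible in this hunk, so confirm the header is already pulled in. If the constant stays, its comment should say that the value is in host byte order, e.g. `// Host byte order; convert with htonl() before storing in sin_addr.`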
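Review bot: Binding to 127.0.0.1 in `socket_listen` shuts out remote hosts, but the port stays open to every process on the same device, so local software this stack may not trust can still reach the listener. Nothing in the hunk records that limit, and the function body extends outside it. A comment above the assignment would help, such as `// Loopback only: remote peers are excluded, local processes are not; do not treat a connection as authenticated.` Whether a stronger boundary is warranted (a UNIX-domain socket with peer-credential checks, for instance) depends on what the callers expose, which is not visible here. The `LOG_ERROR` text also still reports only the port; naming the loopback address there would make bind failures easier to diagnose.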