Bug#441082: linux-igd does not restrict itself to the internal interface

To: submit@bugs.debian.org
Subject: Bug#441082: linux-igd does not restrict itself to the internal interface
From: "Peter Naulls" <peter@mushroomnetworks.com>
Date: Thu, 6 Sep 2007 08:37:30 -0700
Message-id: <[🔎] 116202240709060837t7359e302g150425eb7436133@mail.gmail.com>
Reply-to: "Peter Naulls" <peter@mushroomnetworks.com>, 441082@bugs.debian.org

Package: linux-igd
Version: 0.cvs20060201-2
Severity: important
Tags: security, patch

linux-igd listens for UDP mutlicast packets but does not restrict
itself to just the internal interface (which has to be specified in
any case), thereby opening itself to possible external requests for
port forwarding.   In many cases this would be blocked by firewalling
rules on the same machine as the daemon, so would not be any issue
there.

This can be fixed with a simple bind() or SO_BINDTODEVICE as in the
attached patch.  Note that this patch is against the latest CVS, but
should be correct for the Debian versions.

Note that a more recent version of linux-igd has been packaged for Debian here:

http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=linux-igd

Index: util.c
===================================================================
RCS file: /cvsroot/linux-igd/linux-igd/util.c,v
retrieving revision 1.3
diff -u -r1.3 util.c
--- util.c	1 Aug 2006 22:48:00 -0000	1.3
+++ util.c	6 Sep 2007 15:25:34 -0000
@@ -8,10 +8,11 @@
 #include <netinet/in.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
+#include <unistd.h>
 #include "globals.h"
 
 
-static int get_sockfd(void)
+static int get_sockfd(const char *ifname)
 {
    static int sockfd = -1;
 
@@ -22,18 +23,26 @@
          perror("user: socket creating failed");
          return (-1);
       }
+
+      if (setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, ifname, sizeof(ifname)))
+      {
+         perror("could not bind to device");
+         close(sockfd);
+         return (-1);
+      }
+
    }
    return sockfd;
 }
 
-int GetIpAddressStr(char *address, char *ifname)
+int GetIpAddressStr(char *address, const char *ifname)
 {
    struct ifreq ifr;
    struct sockaddr_in *saddr;
    int fd;
    int succeeded = 0;
 
-   fd = get_sockfd();
+   fd = get_sockfd(ifname);
    if (fd >= 0 )
    {
       strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
Index: util.h
===================================================================
RCS file: /cvsroot/linux-igd/linux-igd/util.h,v
retrieving revision 1.3
diff -u -r1.3 util.h
--- util.h	1 Aug 2006 22:48:00 -0000	1.3
+++ util.h	6 Sep 2007 15:25:34 -0000
@@ -1,8 +1,8 @@
 #ifndef _UTIL_H_
 #define _UTIL_H_
 
-int get_sockfd(void);
-int GetIpAddressStr(char *address, char *ifname);
+int get_sockfd(const char *ifname);
+int GetIpAddressStr(char *address, const char *ifname);
 void trace(int debuglevel, const char *format, ...);
 
 #endif //_UTIL_H_

Reply to:

Prev by Date: Bug#234502: closed by Touko Korpela <tkorpela@phnet.fi> (Closing woody bug)
Next by Date: Bug#441190: pexts - FTBFS: at_pam.c:166: error: 'PAM_UPDATE_AUTHTOK' undeclared (first use in this function)
Previous by thread: Bug#234502: closed by Touko Korpela <tkorpela@phnet.fi> (Closing woody bug)
Next by thread: Bug#441190: pexts - FTBFS: at_pam.c:166: error: 'PAM_UPDATE_AUTHTOK' undeclared (first use in this function)
Index(es):
- Date
- Thread