RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 05:07:35 +00:00
Code Issues Activity Actions

Kernel: Ensure sockets_by_tuple table entry is up to date on connect

Browse source 
Previously we would incorrectly handle the (somewhat uncommon) case of
binding and then separately connecting a tcp socket to a server, as we
would register the socket during the manual bind(2) in the sockets by
tuple table, but our effective tuple would then change as the result of
the connect updating our target peer address. This would result in the
the entry not being removed from the table on destruction, which could
lead to a UAF.

We now make sure to update the table entry if needed during connects.
This commit is contained in:
Idan Horowitz 2023-12-25 23:23:28 +02:00 committed by Andreas Kling
parent da2f33df82
commit 863e8c30ad
3 changed files with 70 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Net/TCPSocket.h
View file

@ -234,6 +234,8 @@ private:
IntrusiveListNode<TCPSocket> m_retransmit_list_node;
Optional<IPv4SocketTuple> m_registered_socket_tuple;
public:
using RetransmitList = IntrusiveList<&TCPSocket::m_retransmit_list_node>;
static MutexProtected<TCPSocket::RetransmitList>& sockets_for_retransmit();