socketpair: allow localhost MITM sniffers

Windows allow programs to MITM connections to localhost. The previous check here would detect that and error out. This new method writes data to verify the pipe thus allowing MITM. Reported-by: SerusDev on github Fixes #10144 Closes #10169
2022-12-27 17:19:51 +01:00 · 2022-12-27 17:19:51 +01:00 · 7fa449ca0c
commit 7fa449ca0c
parent 5ab72b9a57
1 changed files with 12 additions and 15 deletions
--- a/lib/socketpair.c
+++ b/lib/socketpair.c
@ -65,7 +65,7 @@ int Curl_socketpair(int domain, int type, int protocol,
  union {
    struct sockaddr_in inaddr;
    struct sockaddr addr;
-  } a, a2;
+  } a;
  curl_socket_t listener;
  curl_socklen_t addrlen = sizeof(a.inaddr);
  int reuse = 1;
@ -107,24 +107,21 @@ int Curl_socketpair(int domain, int type, int protocol,
  pfd[0].fd = listener;
  pfd[0].events = POLLIN;
  pfd[0].revents = 0;
-  (void)Curl_poll(pfd, 1, 10*1000); /* 10 seconds */
+  (void)Curl_poll(pfd, 1, 1000); /* one second */
  socks[1] = accept(listener, NULL, NULL);
  if(socks[1] == CURL_SOCKET_BAD)
    goto error;
+  else {
+    struct curltime check;
+    struct curltime now = Curl_now();

-  /* verify that nothing else connected */
-  addrlen = sizeof(a.inaddr);
-  if(getsockname(socks[0], &a.addr, &addrlen) == -1 ||
-     addrlen < (int)sizeof(a.inaddr))
-    goto error;
-  addrlen = sizeof(a2.inaddr);
-  if(getpeername(socks[1], &a2.addr, &addrlen) == -1 ||
-     addrlen < (int)sizeof(a2.inaddr))
-    goto error;
-  if(a.inaddr.sin_family != a2.inaddr.sin_family ||
-     a.inaddr.sin_addr.s_addr != a2.inaddr.sin_addr.s_addr ||
-     a.inaddr.sin_port != a2.inaddr.sin_port)
+    /* write data to the socket */
+    swrite(socks[0], &now, sizeof(now));
+    /* verify that we read the correct data */
+    if((sizeof(now) != sread(socks[1], &check, sizeof(check)) ||
+        memcmp(&now, &check, sizeof(check))))
      goto error;
+  }

  sclose(listener);
  return 0;