gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-06-18 02:59:21 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Fix socket api verification of addresses in the address pool (#1270)

Browse Source 
The existing validation didn't work as expected; e.g. for address
pool: 8.8.8.8/24 the application had access to the 127.0.0.1 address (which
should not).
This commit is contained in:
Marcin Kolny 2022-07-12 09:21:49 +01:00 committed by GitHub
parent 177aa4fc79
commit d08e13c5ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c
View File

@ -3270,7 +3270,19 @@ compare_address(const struct addr_pool *addr_pool_entry, const char *addr)
return false; return false;
} }
uint32 mask = addr_pool_entry->mask; const uint32 max_mask_value = 32;
/* no support for invalid mask values */
if (addr_pool_entry->mask > max_mask_value) {
return false;
}
/* convert mask number into 32-bit mask value, i.e. mask /24 will be
converted to 4294967040 (binary: 11111111 11111111 11111111 00000000) */
uint32 mask = 0;
for (int i = 0; i < addr_pool_entry->mask; i++) {
mask |= 1 << (max_mask_value - 1 - i);
}
uint32 first_address = address & mask; uint32 first_address = address & mask;
uint32 last_address = address | (~mask); uint32 last_address = address | (~mask);
return first_address <= target && target <= last_address; return first_address <= target && target <= last_address;