Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2021/09/24 02:10:45 UTC

[GitHub] [incubator-nuttx] xiaoxiang781216 commented on pull request #4603: [SECURITY]net/tcp: sanity check for the listen address

xiaoxiang781216 commented on pull request #4603:
URL: https://github.com/apache/incubator-nuttx/pull/4603#issuecomment-926290037


   > The changes seem fine, but I may lack the knowledge on the TCP stack for properly evaluating them.
   > Just a question: although it may be a security concern, isn't it valid to listen just to a port and accept connections from any address?
   
   Yes, that is why the code passes the check if any one of the two addresses matches. The hardcoded one represents the any address. The caller can specify the netdev IP to accept connections from only that device, or an all-zero IP to accept connections from any netdev. Actually, this behaviour is specified in the spec.
   
   > If I understood correctly, this won't be possible anymore, right?
   
   See the above comment.


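A sketch of the check described in the comment above, added here as an example and not taken from the NuttX patch: a listener accepts a connection when its bound address equals the address the packet arrived for, or is the all-zero any address. The structure, function names and sample addresses are hypothetical, and comparing against the packet's destination address is an assumption about what the check compares.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical listener record; not NuttX's own structure. */
struct listener
{
  uint32_t laddr;   /* Bound local IPv4 address, 0 means "any" */
  uint16_t lport;   /* Bound local port */
};

#define ADDR_ANY 0u  /* All-zero address: accept on every netdev */

#define IP4(a, b, c, d) \
  (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
   ((uint32_t)(c) << 8) | (uint32_t)(d))

/* A listener accepts a packet only if the port matches AND its bound
 * address is either the packet's destination address (assumed to be the
 * receiving netdev's address) or the any address.
 */
static int listener_accepts(const struct listener *l,
                            uint32_t dst_addr, uint16_t dst_port)
{
  if (l->lport != dst_port)
    {
      return 0;
    }

  return l->laddr == dst_addr || l->laddr == ADDR_ANY;
}

/* Return the first listener that accepts the packet, or NULL if none. */
const struct listener *find_listener(const struct listener *tbl, size_t n,
                                     uint32_t dst_addr, uint16_t dst_port)
{
  size_t i;

  for (i = 0; i < n; i++)
    {
      if (listener_accepts(&tbl[i], dst_addr, dst_port))
        {
          return &tbl[i];
        }
    }

  return NULL;
}

/* Constructed sample table: port 22 bound to one device, port 80 to any. */
static const struct listener g_sample[] =
{
  { IP4(192, 168, 1, 10), 22 },
  { ADDR_ANY, 80 },
};
```

With the constructed table, a packet for port 22 that arrives for a different local address finds no listener, while port 80 is accepted on any address.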