summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorIan Gudger <igudger@google.com>2019-03-08 19:04:29 -0800
committerShentubot <shentubot@google.com>2019-03-08 19:05:26 -0800
commit86036f979b34855f0c945056f908961ccb804c1e (patch)
tree60ba0b7f71399e2dddd6d283954a4f984501da73
parent56a61282953b46c8f8b707d5948a2d3958dced0c (diff)
Validate multicast addresses in multicast group operations.
PiperOrigin-RevId: 237559843 Change-Id: I93a9d83a08cd3d49d5fc7fcad5b0710d0aa04aaa
-rw-r--r--pkg/tcpip/transport/udp/endpoint.go10
-rw-r--r--test/syscalls/linux/socket_ip_udp_generic.cc11
2 files changed, 11 insertions, 10 deletions
diff --git a/pkg/tcpip/transport/udp/endpoint.go b/pkg/tcpip/transport/udp/endpoint.go
index 3693abae5..cdde6a023 100644
--- a/pkg/tcpip/transport/udp/endpoint.go
+++ b/pkg/tcpip/transport/udp/endpoint.go
@@ -459,6 +459,10 @@ func (e *endpoint) SetSockOpt(opt interface{}) *tcpip.Error {
e.multicastAddr = addr
case tcpip.AddMembershipOption:
+ if !header.IsV4MulticastAddress(v.MulticastAddr) && !header.IsV6MulticastAddress(v.MulticastAddr) {
+ return tcpip.ErrInvalidOptionValue
+ }
+
nicID := v.NIC
if v.InterfaceAddr == header.IPv4Any {
if nicID == 0 {
@@ -475,7 +479,6 @@ func (e *endpoint) SetSockOpt(opt interface{}) *tcpip.Error {
return tcpip.ErrUnknownDevice
}
- // TODO: check that v.MulticastAddr is a multicast address.
if err := e.stack.JoinGroup(e.netProto, nicID, v.MulticastAddr); err != nil {
return err
}
@@ -486,6 +489,10 @@ func (e *endpoint) SetSockOpt(opt interface{}) *tcpip.Error {
e.multicastMemberships = append(e.multicastMemberships, multicastMembership{nicID, v.MulticastAddr})
case tcpip.RemoveMembershipOption:
+ if !header.IsV4MulticastAddress(v.MulticastAddr) && !header.IsV6MulticastAddress(v.MulticastAddr) {
+ return tcpip.ErrInvalidOptionValue
+ }
+
nicID := v.NIC
if v.InterfaceAddr == header.IPv4Any {
if nicID == 0 {
@@ -502,7 +509,6 @@ func (e *endpoint) SetSockOpt(opt interface{}) *tcpip.Error {
return tcpip.ErrUnknownDevice
}
- // TODO: check that v.MulticastAddr is a multicast address.
if err := e.stack.LeaveGroup(e.netProto, nicID, v.MulticastAddr); err != nil {
return err
}
diff --git a/test/syscalls/linux/socket_ip_udp_generic.cc b/test/syscalls/linux/socket_ip_udp_generic.cc
index 58d1c846d..197783e55 100644
--- a/test/syscalls/linux/socket_ip_udp_generic.cc
+++ b/test/syscalls/linux/socket_ip_udp_generic.cc
@@ -121,14 +121,9 @@ TEST_P(UDPSocketPairTest, SetEmptyIPAddMembership) {
auto sockets = ASSERT_NO_ERRNO_AND_VALUE(NewSocketPair());
struct ip_mreqn req = {};
- int ret = setsockopt(sockets->first_fd(), IPPROTO_IP, IP_ADD_MEMBERSHIP, &req,
- sizeof(req));
- // FIXME: gVisor returns the incorrect errno.
- if (IsRunningOnGvisor()) {
- EXPECT_THAT(ret, SyscallFails());
- } else {
- EXPECT_THAT(ret, SyscallFailsWithErrno(EINVAL));
- }
+ EXPECT_THAT(setsockopt(sockets->first_fd(), IPPROTO_IP, IP_ADD_MEMBERSHIP,
+ &req, sizeof(req)),
+ SyscallFailsWithErrno(EINVAL));
}
} // namespace testing