From 29ef2c82db59da11f93c3a2127af62aa0c7b9bf3 Mon Sep 17 00:00:00 2001
From: Tom Tsou
Date: Mon, 2 May 2016 17:55:42 -0700
Subject: [PATCH] common: Restrict UDP binding to localhost only

Reported security vulnerability where control and data UDP packets can be injected into the transceiver externally due to socket binding to all interfaces using INADDR_ANY. Existing socket interface does not allow specifying local address; only the local port and remote address/port are arguments. Restrict socket bind to localhost with INADDR_LOOPBACK. If external interfaces do need to be used, the API should be modified to allow specifying the local socket address.

Reported-by: Simone Margaritelli
Signed-off-by: Tom Tsou
---
 Sockets.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Sockets.cpp b/Sockets.cpp
index 8464616..bb00e9f 100644
--- a/Sockets.cpp
+++ b/Sockets.cpp
@@ -284,7 +284,7 @@ void UDPSocket::open(unsigned short localPort)
 size_t length = sizeof(address);
 bzero(&address,length);
 address.sin_family = AF_INET;
- address.sin_addr.s_addr = INADDR_ANY;
+ address.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
 address.sin_port = htons(localPort);
 if (bind(mSocketFD,(struct sockaddr*)&address,length)<0) {
 char buf[100];
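Review bot: The new `htonl(INADDR_LOOPBACK)` bind in `UDPSocket::open` is hard-coded with no comment in the code, so a maintainer who later needs a remote peer may simply put `INADDR_ANY` back; I would add `// Loopback only: binding to INADDR_ANY let control/data packets be injected from other hosts.` above that line. Binding to loopback keeps off-host senders out, but other processes on the same host can still send datagrams to the port, and whether the receive path checks the sender's address is not visible in this hunk, so that is worth confirming. Separately, `length` is declared `size_t` and passed to `bind()`, which takes a `socklen_t`; `socklen_t length = sizeof(address);` would match the API. The body of `open` starts before and continues past this hunk.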