author | netblue30 <netblue30@yahoo.com> | 2017-07-27 13:19:05 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-07-27 13:19:05 -0400 |
commit | 48bf6bad1deef63d56444bf2261af22b1704803a (patch) | |
tree | 1dce365407bace13b0c2ed267c557ccae88c45be | |
parent | merges (diff) | |
tentative fix for arp cache pollution - #1406
-rw-r--r-- | src/firejail/arp.c | 9 | ||||
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/network_main.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 |
4 files changed, 9 insertions, 6 deletions
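--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -42,7 +42,10 @@ typedef struct arp_hdr_t {
 
 
 // returns 0 if the address is not in use, -1 otherwise
-int arp_check(const char *dev, uint32_t destaddr, uint32_t srcaddr) {
+int arp_check(const char *dev, uint32_t destaddr) {
+// RFC 5227 - using a source IP address of 0 for probing
+uint32_t srcaddr = 0;
+
 if (strlen(dev) > IFNAMSIZ) {
 fprintf(stderr, "Error: invalid network device name %s\n", dev);
 exit(1);
@@ -206,7 +209,7 @@ static uint32_t arp_random(const char *dev, Bridge *br) {
 return 0;
 
 // check address
-uint32_t rv = arp_check(dev, dest, ifip);
+uint32_t rv = arp_check(dev, dest);
 if (!rv)
 return dest;
 return 0;
@@ -248,7 +251,7 @@ static uint32_t arp_sequential(const char *dev, Bridge *br) {
 dest++;
 continue;
 }
-uint32_t rv = arp_check(dev, dest, ifip);
+uint32_t rv = arp_check(dev, dest);
 if (!rv)
 return dest;
 dest++;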
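Review bot: The length guard at the top of arp_check in the first hunk, `if (strlen(dev) > IFNAMSIZ) {`, still accepts a name of exactly IFNAMSIZ characters, which leaves no room for the terminating NUL in an IFNAMSIZ-sized interface-name buffer. I would tighten it to `if (strlen(dev) >= IFNAMSIZ) {`. The line is unchanged context and the function body continues past the hunk, so whether the name is later copied into such a buffer cannot be confirmed from here. The stricter bound is safe either way, because a valid interface name is always shorter than IFNAMSIZ.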
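--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -447,7 +447,7 @@ int restricted_shell(const char *user);
 
 // arp.c
 // returns 0 if the address is not in use, -1 otherwise
-int arp_check(const char *dev, uint32_t destaddr, uint32_t srcaddr);
+int arp_check(const char *dev, uint32_t destaddr);
 // assign an IP address using arp scanning
 uint32_t arp_assign(const char *dev, Bridge *br);
 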
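Review bot: The comment on the arp_check declaration still documents only the return value, so a reader of the header cannot tell why the source-address parameter was dropped or what the function now puts on the wire. I would extend it to `// sends an RFC 5227 ARP probe (sender IP 0, so neighbours do not update their ARP caches); returns 0 if the address is not in use, -1 otherwise`. Keeping the rationale at the declaration makes it less likely that a later change reintroduces a real sender address.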
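--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -98,7 +98,7 @@ void net_configure_sandbox_ip(Bridge *br) {
 exit(1);
 }
 // send an ARP request and check if there is anybody on this IP address
-if (arp_check(br->dev, br->ipsandbox, br->ip)) {
+if (arp_check(br->dev, br->ipsandbox)) {
 fprintf(stderr, "Error: IP address %d.%d.%d.%d is already in use\n", PRINT_IP(br->ipsandbox));
 exit(1);
 }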
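--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -153,7 +153,7 @@ static void sandbox_if_up(Bridge *br) {
 exit(1);
 }
 
-uint32_t rv = arp_check(dev, br->ipsandbox, br->ip);
+uint32_t rv = arp_check(dev, br->ipsandbox);
 if (rv) {
 fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use.\n", PRINT_IP(br->ipsandbox));
 exit(1);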
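Review bot: `uint32_t rv = arp_check(dev, br->ipsandbox);` stores an int result, documented as 0 or -1, in an unsigned variable, so the failure value becomes 0xffffffff and the code works only because rv is tested for non-zero. Declaring it `int rv`, or testing the call directly as net_configure_sandbox_ip does with `if (arp_check(br->dev, br->ipsandbox)) {`, keeps the type consistent with the prototype. The same pattern appears on the changed lines in the arp_random and arp_sequential hunks of arp.c. sandbox_if_up starts and ends outside this hunk.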