
Commit 656de55

author
rhc54
committed
Merge pull request #1361 from rhc54/topic/oob2
Correct ordering when checking for privileged ports
2 parents 56425a5 + 3510706 commit 656de55


2 files changed

+26
-25
lines changed

2 files changed

+26
-25
lines changed

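--- a/orte/mca/oob/tcp/help-oob-tcp.txt
+++ b/orte/mca/oob/tcp/help-oob-tcp.txt
@@ -102,7 +102,9 @@ unprivileged source while we are operating at privileged
 levels.
 
 Local host: %s
-Inbound port: %d
 Listening port: %d
+Remote host: %s
+Remote port: %d
+
 
 The connection was rejected.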

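--- a/orte/mca/oob/tcp/oob_tcp_listener.c
+++ b/orte/mca/oob/tcp/oob_tcp_listener.c
@@ -743,31 +743,9 @@ static void* listen_thread(opal_object_t *obj)
 (struct sockaddr*)&(pending_connection->addr),
 &addrlen);
 
-/* if we are on a privileged port, we only accept connections
-* from other privileged sockets. A privileged port is one
-* whose port is less than 1024 on Linux, so we'll check for that. */
-if (1024 >= listener->port) {
-uint16_t inport;
-if (listener->tcp6) {
-inport = ntohs(((struct sockaddr_in6*)&pending_connection->addr)->sin6_port);
-} else {
-inport = ntohs(((struct sockaddr_in*)&pending_connection->addr)->sin_port);
-}
-if (1024 < inport) {
-/* someone tried to cross-connect privileges,
-* say something */
-orte_show_help("help-oob-tcp.txt",
-"privilege failure",
-true, opal_process_info.nodename,
-listener->port, inport);
-CLOSE_THE_SOCKET(pending_connection->fd);
-OBJ_RELEASE(pending_connection);
-continue;
-}
-}
 /* check for < 0 as indicating an error upon accept */
 if (pending_connection->fd < 0) {
-OBJ_RELEASE(pending_connection); // this closes the incoming fd
+OBJ_RELEASE(pending_connection);
 
 /* Non-fatal errors */
 if (EAGAIN == opal_socket_errno ||
@@ -806,12 +784,33 @@ static void* listen_thread(opal_object_t *obj)
 }
 
 opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output,
-"%s mca_oob_tcp_listen_thread: new connection: "
+"%s mca_oob_tcp_listen_thread: incoming connection: "
 "(%d, %d) %s:%d\n",
 ORTE_NAME_PRINT(ORTE_PROC_MY_NAME),
 pending_connection->fd, opal_socket_errno,
 opal_net_get_hostname((struct sockaddr*) &pending_connection->addr),
 opal_net_get_port((struct sockaddr*) &pending_connection->addr));
+
+/* if we are on a privileged port, we only accept connections
+* from other privileged sockets. A privileged port is one
+* whose port is less than 1024 on Linux, so we'll check for that. */
+if (1024 >= listener->port) {
+uint16_t inport;
+inport = opal_net_get_port((struct sockaddr*) &pending_connection->addr);
+if (1024 < inport) {
+/* someone tried to cross-connect privileges,
+* say something */
+orte_show_help("help-oob-tcp.txt",
+"privilege failure", true,
+opal_process_info.nodename, listener->port,
+opal_net_get_hostname((struct sockaddr*) &pending_connection->addr),
+inport);
+CLOSE_THE_SOCKET(pending_connection->fd);
+OBJ_RELEASE(pending_connection);
+continue;
+}
+}
+
 /* activate the event */
 opal_event_active(&pending_connection->ev, OPAL_EV_WRITE, 1);
 accepted_connections++;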
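Review bot: The relocated privilege check in the second hunk keeps an off-by-one boundary: `if (1024 >= listener->port)` and `if (1024 < inport)` both treat port 1024 as privileged, although the comment directly above says a privileged port is one below 1024, so a peer connecting from unprivileged source port 1024 is accepted. I would write `if (listener->port < 1024) {` and `if (inport >= 1024) {` so the code matches the comment. Separately, `inport` is a `uint16_t` that now receives the result of `opal_net_get_port()`; if that helper can return a negative value for an unrecognised address family (its definition is not visible here), a short comment such as `/* an error return truncates to a high port and is rejected below */` would make the fail-closed behaviour explicit. The body of `listen_thread` begins and ends outside both hunks.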
