This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenBTS' transceiver retro-fit".
The branch, ttsou/fixes has been created
at 520d21c825c4f856b4faec6ddaa1b653d113fd05 (commit)
- Log -----------------------------------------------------------------
http://cgit.osmocom.org/osmo-trx/commit/?id=520d21c825c4f856b4faec6ddaa1b65…
commit 520d21c825c4f856b4faec6ddaa1b653d113fd05
Author: Tom Tsou <tom.tsou(a)ettus.com>
Date: Thu Apr 28 21:24:53 2016 -0700

common: Restrict UDP binding to localhost only

Reported security vulnerability where control and data UDP
packets can be injected into the transceiver externally due
to socket binding to all interfaces using INADDR_ANY.

Existing socket interface does not allow specifying local
address; only the local port and remote address/port are
arguments.

Restrict socket bind to localhost with INADDR_LOOPBACK. If
external interfaces do need to be used, the API should be
modified to allow specifying the local socket address.

Reported-by: Simone Margaritelli <simone(a)zimperium.com>
Signed-off-by: Tom Tsou <tom.tsou(a)ettus.com>
-----------------------------------------------------------------------
hooks/post-receive
--
OpenBTS' transceiver retro-fit
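
The binding change described in the commit message above, as an added example that is not code from osmo-trx or from this commit: a UDP socket bound with INADDR_ANY beside one bound with INADDR_LOOPBACK, plus a getsockname() check that reports which one a given socket is. The helper names `udp_bind` and `bound_to_loopback` are hypothetical, and port 0 (ephemeral) is used so the example runs anywhere.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind a UDP socket to `port` (0 = ephemeral).
 * loopback_only = 0 binds to INADDR_ANY (all interfaces, the behaviour
 * the commit message reports); loopback_only = 1 binds to
 * INADDR_LOOPBACK. Returns the socket fd, or -1 on error. */
int udp_bind(unsigned short port, int loopback_only)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = htonl(loopback_only ? INADDR_LOOPBACK : INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical audit check: 1 if fd is bound inside 127.0.0.0/8,
 * 0 if bound to the wildcard or another address, -1 on error. */
int bound_to_loopback(int fd)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0 ||
        addr.sin_family != AF_INET)
        return -1;
    return (ntohl(addr.sin_addr.s_addr) >> 24) == 127;
}

int main(void)
{
    int weak = udp_bind(0, 0), fixed = udp_bind(0, 1);
    if (weak < 0 || fixed < 0)
        return 1;
    printf("INADDR_ANY      -> loopback only: %d\n", bound_to_loopback(weak));
    printf("INADDR_LOOPBACK -> loopback only: %d\n", bound_to_loopback(fixed));
    close(weak);
    close(fixed);
    return 0;
}
```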