From jami@sprite65.doc.ic.ac.uk  Sat Jan 31 11:00:42 1998
Received: from sprite65.doc.ic.ac.uk (sprite65.doc.ic.ac.uk [146.169.50.65])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA19471
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 31 Jan 1998 11:00:41 -0800 (PST)
          (envelope-from jami@sprite65.doc.ic.ac.uk)
Received: (from jami@localhost)
	by sprite65.doc.ic.ac.uk (8.8.8/8.8.8) id SAA00642;
	Sat, 31 Jan 1998 18:58:55 GMT
	(envelope-from jami)
Message-Id: <199801311858.SAA00642@sprite65.doc.ic.ac.uk>
Date: Sat, 31 Jan 1998 18:58:55 GMT
From: njs3@doc.ic.ac.uk
Reply-To: njs3@doc.ic.ac.uk
To: FreeBSD-gnats-submit@freebsd.org
Subject: bind does not check sockaddr.sin_family corresponds to socket type
X-Send-Pr-Version: 3.2

>Number:         5611
>Category:       kern
>Synopsis:       bind does not check sockaddr->sin_family corresponds to socket type
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 31 11:10:00 PST 1998
>Closed-Date:    Sat Jul 21 22:55:24 PDT 2001
>Last-Modified:  Sat Jul 21 22:55:45 PDT 2001
>Originator:     Niall Smart
>Release:        FreeBSD 3.0-971225-SNAP i386
>Organization:
>Environment:
>Description:

the bind() syscall does not check that the sin_family member of the
sockaddr passed is appropriate for the type of socket that the bind
is being applied to

>How-To-Repeat:

        struct sockaddr_in      sin;
	int			fd;

        if ( (fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
                perror("socket");
                exit(1);
        }

        bzero(&sin, sizeof(sin));

        sin.sin_port = htons(3456);
        sin.sin_family = AF_UNIX;
        sin.sin_addr.s_addr = htonl(INADDR_ANY);

        if (bind(fd, (struct sockaddr*) &sin, sizeof(sin)) < 0) {
                perror("bind");
                exit(1);
        }

The above code executes successfully, however bind should return -1
because sin.sin_family is AF_UNIX, not AF_INET.

>Fix:
	
	

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: mike 
State-Changed-When: Sat Jul 21 22:41:42 PDT 2001 
State-Changed-Why:  

Does this problem still occur in newer versions of FreeBSD, 
such as 4.3-RELEASE? 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=5611 
State-Changed-From-To: feedback->closed 
State-Changed-By: mike 
State-Changed-When: Sat Jul 21 22:55:24 PDT 2001 
State-Changed-Why:  

E-mail sent to originator bounces. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=5611 
>Unformatted:
