diff options
| author | Kartik K. Agaram <vc@akkartik.com> | 2021-12-25 20:37:45 -0800 |
|---|---|---|
| committer | Kartik K. Agaram <vc@akkartik.com> | 2021-12-25 20:43:19 -0800 |
| commit | 6ae7bf91b1828df915f261c25202ca4dc241bbe9 (patch) | |
| tree | e0b42a9c763f36c3315ea43f9889095230558c42 | |
| parent | 16d949e2596fa56003cf01e3c78fa901e0614c0a (diff) | |
| download | teliva-6ae7bf91b1828df915f261c25202ca4dc241bbe9.tar.gz | |
network calls are now sandboxed
I _think_ I don't need to gate other socket calls; you can't do anything without bind() and connect(). And they should be good places to dump more precise details later about the kind of server or client connection being attempted.
| -rw-r--r-- | src/luasocket/usocket.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/luasocket/usocket.c b/src/luasocket/usocket.c index acfe186..2fb77a1 100644 --- a/src/luasocket/usocket.c +++ b/src/luasocket/usocket.c @@ -7,6 +7,7 @@ * the I/O call fail in the first place. \*=========================================================================*/ #include "luasocket.h" +#include "../teliva.h" #include "socket.h" #include "pierror.h" @@ -91,7 +92,7 @@ int socket_close(void) { } /*-------------------------------------------------------------------------*\ -* Close and inutilize socket +* Close and initialize socket \*-------------------------------------------------------------------------*/ void socket_destroy(p_socket ps) { if (*ps != SOCKET_INVALID) { @@ -131,6 +132,10 @@ int socket_create(p_socket ps, int domain, int type, int protocol) { \*-------------------------------------------------------------------------*/ int socket_bind(p_socket ps, SA *addr, socklen_t len) { int err = IO_DONE; + if (!net_operations_allowed) { + Previous_message = "app tried to start a server; adjust its permissions (ctrl-p) if that is expected"; + return IO_CLOSED; + } socket_setblocking(ps); if (bind(*ps, addr, len) < 0) err = errno; socket_setnonblocking(ps); @@ -160,6 +165,10 @@ int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) { int err; /* avoid calling on closed sockets */ if (*ps == SOCKET_INVALID) return IO_CLOSED; + if (!net_operations_allowed) { + Previous_message = "app tried to connect to a remote server; adjust its permissions (ctrl-p) if that is expected"; + return IO_CLOSED; + } /* call connect until done or failed without being interrupted */ do if (connect(*ps, addr, len) == 0) return IO_DONE; while ((err = errno) == EINTR); |