Allow access if getsockname() or getifaddrs() fails

For some address families, non AF_INET* sockets, the syscall getsockname() may fail, tihs is OK. We only care to block access from internets, so we now allow such connections. Signed-off-by: Joachim Wiberg <[email protected]>
westermo · Sep 6, 2021 · b3f5e66 · b3f5e66
1 parent 8c211ea
commit b3f5e66
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/accept-guard.c b/accept-guard.c
@@ -202,9 +202,12 @@ static int iface_allowed(int sd, int ifindex)
 	int port = 0;
 	int i;
 
-	/* If incoming interface cannot be identified, deny access. */
+	/*
+	 * If incoming interface cannot be identified, allow access.
+	 * Possibly an AF_UNIX socket or other local access.
+	 */
 	if (identify_inbound(sd, ifindex, ifname, sizeof(ifname), &port))
-		return 0;
+		return 1;
 
 	for (i = 0; i < MAX_IFACES; i++) {
 		/* If reached last item => deny access */