authorJoseph Henry <joseph.henry@zerotier.com>2015-10-13 17:05:11 -0400
committerJoseph Henry <joseph.henry@zerotier.com>2015-10-13 17:05:11 -0400
commit0912d4be59165f2a5b70b296c947fd76d9b7c3a0 (patch)
treefd5ebe301d0e08377b590c08f48e7b43a5b4ed47
parent73145de618e29032816eb753be8763b6710ea30b (diff)
Fixed socket protocol check logic in socket()
-rw-r--r--ext/lwipopts.h2
-rw-r--r--netcon/NetconEthernetTap.cpp17
-rwxr-xr-xnetcon/intercept.c12
-rwxr-xr-xnetcon/libintercept.so.1.0bin52552 -> 52304 bytes
4 files changed, 21 insertions, 10 deletions
diff --git a/ext/lwipopts.h b/ext/lwipopts.h
index 4f867e71..e7b78a8f 100644
--- a/ext/lwipopts.h
+++ b/ext/lwipopts.h
@@ -130,7 +130,7 @@
* MEMP_NUM_RAW_PCB: Number of raw connection PCBs
* (requires the LWIP_RAW option)
*/
-#define MEMP_NUM_RAW_PCB 1
+#define MEMP_NUM_RAW_PCB 128
/**
* MEMP_NUM_UDP_PCB: the number of UDP protocol control blocks. One
diff --git a/netcon/NetconEthernetTap.cpp b/netcon/NetconEthernetTap.cpp
index 824f1734..11c877cc 100644
--- a/netcon/NetconEthernetTap.cpp
+++ b/netcon/NetconEthernetTap.cpp
@@ -520,8 +520,12 @@ err_t NetconEthernetTap::nc_accept(void *arg, struct tcp_pcb *newpcb, err_t err)
if(conn) {
ZT_PHY_SOCKFD_TYPE fds[2];
- socketpair(PF_LOCAL, SOCK_STREAM, 0, fds);
-
+ if(socketpair(PF_LOCAL, SOCK_STREAM, 0, fds) < 0) {
+ if(errno < 0) {
+ l->tap->send_return_value(conn, -1, errno);
+ return ERR_MEM;
+ }
+ }
TcpConnection *new_tcp_conn = new TcpConnection();
new_tcp_conn->dataSock = tap->_phy.wrapSocket(fds[0], new_tcp_conn);
new_tcp_conn->rpcSock = conn->rpcSock;
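Review bot: The inner `if(errno < 0)` in the new socketpair() failure branch can never be true, because a failed call sets errno to a positive value. A failed socketpair() therefore falls through, and `fds[0]` reaches `wrapSocket` uninitialized. Drop the inner test so the branch reads `if(socketpair(PF_LOCAL, SOCK_STREAM, 0, fds) < 0) { l->tap->send_return_value(conn, -1, errno); return ERR_MEM; }`. The handle_socket hunk below has the same dead test around `send_return_value(_phy.getDescriptor(sock), -1, errno); return;` and needs the same change. nc_accept starts and ends outside the hunk, so whether `l` is the right handle here (the following lines use `tap` directly) should be confirmed against the full function.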
@@ -916,7 +920,12 @@ void NetconEthernetTap::handle_socket(PhySocket *sock, void **uptr, struct socke
struct tcp_pcb *newpcb = lwipstack->tcp_new();
if(newpcb != NULL) {
ZT_PHY_SOCKFD_TYPE fds[2];
- socketpair(PF_LOCAL, SOCK_STREAM, 0, fds);
+ if(socketpair(PF_LOCAL, SOCK_STREAM, 0, fds) < 0) {
+ if(errno < 0) {
+ send_return_value(_phy.getDescriptor(sock), -1, errno);
+ return;
+ }
+ }
TcpConnection *new_conn = new TcpConnection();
new_conn->dataSock = _phy.wrapSocket(fds[0], new_conn);
*uptr = new_conn;
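Review bot: The early `return` added for socketpair() failure does not release `newpcb`, which was obtained from `lwipstack->tcp_new()` just above it. Each time that path is taken, one PCB would be lost from lwIP's fixed-size pool, so repeated failures (for example under descriptor exhaustion) could leave the stack unable to open new connections. Release the PCB before returning, through whatever wrapper the stack object exposes for lwIP's `tcp_close()`/`tcp_abort()`. A short comment such as `/* socketpair failed: report to client and free the PCB */` would make the cleanup obligation explicit. handle_socket continues outside the hunk.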
@@ -950,7 +959,7 @@ void NetconEthernetTap::handle_socket(PhySocket *sock, void **uptr, struct socke
[i] EACCES - For UNIX domain sockets, which are identified by pathname: Write permission is denied ...
[ ] EACCES, EPERM - The user tried to connect to a broadcast address without having the socket broadcast flag enabled ...
[i] EADDRINUSE - Local address is already in use.
- [i] EAFNOSUPPORT - The passed address didn't have the correct address family in its sa_family field.
+ [?] EAFNOSUPPORT - The passed address didn't have the correct address family in its sa_family field.
[ ] EAGAIN - No more free local ports or insufficient entries in the routing cache.
[ ] EALREADY - The socket is nonblocking and a previous connection attempt has not yet been completed.
[ ] EBADF - The file descriptor is not a valid index in the descriptor table.
diff --git a/netcon/intercept.c b/netcon/intercept.c
index 41ad804c..a2d6e31a 100755
--- a/netcon/intercept.c
+++ b/netcon/intercept.c
@@ -515,15 +515,16 @@ void sock_domain_to_str(int domain)
int socket(SOCKET_SIG)
{
#ifdef CHECKS
+ /* Check that type makes sense */
+ int flags = socket_type & ~SOCK_TYPE_MASK;
+ if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
+ return -EINVAL;
+ socket_type &= SOCK_TYPE_MASK;
/* Check protocol is in range */
if (socket_family < 0 || socket_family >= NPROTO)
return -EAFNOSUPPORT;
if (socket_type < 0 || socket_type >= SOCK_MAX)
return -EINVAL;
- /* Check that type makes sense */
- int flags = socket_type & ~SOCK_TYPE_MASK;
- if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
- return -EINVAL;
#endif
#ifdef DUMMY
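Review bot: `socket_type &= SOCK_TYPE_MASK;` overwrites the caller's argument, but only when CHECKS is defined, so whatever follows `#endif` sees a type with `SOCK_CLOEXEC` and `SOCK_NONBLOCK` already stripped in CHECKS builds and the original value otherwise. If the rest of socket() (outside this hunk) forwards `socket_type` to the service or to the real call, a CHECKS build would silently drop close-on-exec, and the new descriptor could be inherited across exec. Validate a local copy instead: `int type = socket_type & SOCK_TYPE_MASK;` followed by `if (type < 0 || type >= SOCK_MAX)`. Separately, the added `return -EINVAL;` follows the function's existing kernel-style negative returns. An interposed libc `socket()` is expected to return -1 with errno set, so callers that test `== -1` may miss these failures.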
@@ -658,7 +659,8 @@ int connect(CONNECT_SIG)
---------------------------------- select() ------------------------------------
------------------------------------------------------------------------------*/
-/* int n, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, struct timeval *timeout */
+/* int n, fd_set *readfds, fd_set *writefds,
+fd_set *exceptfds, struct timeval *timeout */
int select(SELECT_SIG)
{
#ifdef DUMMY
diff --git a/netcon/libintercept.so.1.0 b/netcon/libintercept.so.1.0
index 221d2428..d0b5ffda 100755
--- a/netcon/libintercept.so.1.0
+++ b/netcon/libintercept.so.1.0
Binary files differ