Description
When one creates a UDP socket, it's possible to "connect" it... which means that the socket is associated with a specific endpoint pair: IP Address, Port #. When one writes to a UDP socket, there are two system calls that can be used: send() and sendto(). The send() call is to be used for a connected socket, e.g., send(fd, buffer, bufferLength), whereas the sendto() call is to be used for an unconnected socket, e.g., stndto(fd, buffer, bufferLength, remoteAddress, sizeof(remoteAddress).
It turns out that on a Linux host, it's possible to use the sendto() call on a connected socket, but, on a Macintosh host, the use of sendto() on a connected socket results in an error: the sendto() call returns the value "-1" and the system call fails.
The Java implementation of the UDP socket has some extra logic that determines if the underlying host is a Mac, and if so, the socket will be actually be connected, and this circumvents the system call error when the wrong system call is used, e.g., sendto() instead of send().
However, this approach introduces a security issue, because some applications create connected UDP sockets, to ensure that traffic that is written to them will always go to a predetermined IP address and port. When a "connected" socket isn't actually connected, then one can "hijack" the socket and write traffic through it to any desired destination. And, because the socket isn't actually connected, the security manager can't detect this "sin".
It turns out that on a Linux host, it's possible to use the sendto() call on a connected socket, but, on a Macintosh host, the use of sendto() on a connected socket results in an error: the sendto() call returns the value "-1" and the system call fails.
The Java implementation of the UDP socket has some extra logic that determines if the underlying host is a Mac, and if so, the socket will be actually be connected, and this circumvents the system call error when the wrong system call is used, e.g., sendto() instead of send().
However, this approach introduces a security issue, because some applications create connected UDP sockets, to ensure that traffic that is written to them will always go to a predetermined IP address and port. When a "connected" socket isn't actually connected, then one can "hijack" the socket and write traffic through it to any desired destination. And, because the socket isn't actually connected, the security manager can't detect this "sin".
Attachments
Issue Links
- relates to
-
JDK-7164518 No PortUnreachableException when connecting to a non-existing DatagramSocket (mac)
- Resolved