JDK-8005793

Connected UDP sockets are not actually connected on a Macintosh

Details

    • Bug
    • Resolution: Duplicate
    • P4
    • None
    • None
    • core-libs
    • None
    • Macintosh

    • generic
    • os_x

    Description

      When one creates a UDP socket, it's possible to "connect" it, which means that the socket is associated with a specific endpoint pair: IP Address, Port #. When one writes to a UDP socket, there are two system calls that can be used: send() and sendto(). The send() call is to be used for a connected socket, e.g., send(fd, buffer, bufferLength), whereas the sendto() call is to be used for an unconnected socket, e.g., sendto(fd, buffer, bufferLength, remoteAddress, sizeof(remoteAddress)).

      It turns out that on a Linux host, it's possible to use the sendto() call on a connected socket, but, on a Macintosh host, the use of sendto() on a connected socket results in an error: the sendto() call returns the value "-1" and the system call fails.

      The Java implementation of the UDP socket has some extra logic that determines if the underlying host is a Mac, and if so, the socket will not actually be connected, and this circumvents the system call error when the wrong system call is used, e.g., sendto() instead of send().

      However, this approach introduces a security issue, because some applications create connected UDP sockets, to ensure that traffic that is written to them will always go to a predetermined IP address and port. When a "connected" socket isn't actually connected, then one can "hijack" the socket and write traffic through it to any desired destination. And, because the socket isn't actually connected, the security manager can't detect this "sin".
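An added example (not part of the original report or of the JDK sources): a C check, using getpeername(), of whether a UDP socket is connected at the operating-system level, which is the property the report says is missing for "connected" sockets on a Mac. The helper names and the loopback port 9999 are constructed for illustration.

```c
/* Added example: verify that a UDP socket is connected in the kernel. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if the kernel has a peer recorded for fd, 0 if not (ENOTCONN), -1 on other errors. */
int udp_is_connected(int fd, struct sockaddr_in *peer)
{
    struct sockaddr_in tmp;
    socklen_t len = sizeof(tmp);
    if (getpeername(fd, (struct sockaddr *)&tmp, &len) == 0) {
        if (peer) *peer = tmp;
        return 1;
    }
    return errno == ENOTCONN ? 0 : -1;
}

/* Create a UDP socket; if do_connect is set, connect() it to 127.0.0.1:port (constructed). */
int make_udp_socket(int do_connect, unsigned short port)
{
    struct sockaddr_in dst;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0 || !do_connect) return fd;
    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (connect(fd, (struct sockaddr *)&dst, sizeof(dst)) < 0) { close(fd); fd = -1; }
    return fd;
}

/* send() carries no destination, so it fails when the kernel holds no peer for fd. */
int send_without_destination(int fd)
{
    return send(fd, "ping", 4, 0) < 0 ? -1 : 0;
}

int main(void)
{
    int c = make_udp_socket(1, 9999), u = make_udp_socket(0, 0);
    printf("connect()ed socket: kernel peer present = %d\n", udp_is_connected(c, NULL));
    printf("plain socket: kernel peer present = %d, send() = %d\n",
           udp_is_connected(u, NULL), send_without_destination(u));
    close(c); close(u);
    return 0;
}
```

A socket that an application treats as connected but for which `udp_is_connected()` returns 0 has no destination restriction enforced by the operating system.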

            People

              Unassigned Unassigned
              jzavgren John Zavgren (Inactive)