2 files changed, 35 insertions, 3 deletions

diff --git a/Changes b/Changes
index bddcff7..eac9d3f 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,11 @@
 Revision history for libev, a high-performance and full-featured event loop.
 
+        - actually verify that local and remote port are matching in
+          libev's socketpair emulation, which makes denial-of-service
+          attacks harder (but not impossible - it's windows). Make sure
+          it even works under vista, which thinks that getpeername should
+          return some fantasy port number.
+
 3.51 Wed Dec 24 23:00:11 CET 2008
         - fix a bug where an inotify watcher was added twice, causing
           freezes on hash collisions (reported and analysed by Graham Leggett).
diff --git a/ev_win32.c b/ev_win32.c
index 2e0b300..c85c1ad 100644
--- a/ev_win32.c
+++ b/ev_win32.c
@@ -54,6 +54,8 @@ ev_pipe (int filedes [2])
 {
   struct sockaddr_in addr = { 0 };
   int addr_size = sizeof (addr);
+  struct sockaddr_in adr2;
+  int adr2_size;
   SOCKET listener;
   SOCKET sock [2] = { -1, -1 };
 
@@ -67,7 +69,7 @@ ev_pipe (int filedes [2])
   if (bind (listener, (struct sockaddr *)&addr, addr_size))
     goto fail;
 
-  if (getsockname(listener, (struct sockaddr *)&addr, &addr_size))
+  if (getsockname (listener, (struct sockaddr *)&addr, &addr_size))
     goto fail;
 
   if (listen (listener, 1))
@@ -76,10 +78,34 @@ ev_pipe (int filedes [2])
   if ((sock [0] = socket (AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) 
     goto fail;
 
-  if (connect (sock[0], (struct sockaddr *)&addr, addr_size))
+  if (connect (sock [0], (struct sockaddr *)&addr, addr_size))
     goto fail;
 
-  if ((sock[1] = accept (listener, 0, 0)) < 0)
+  if ((sock [1] = accept (listener, 0, 0)) < 0)
+    goto fail;
+
+  /* windows vista returns fantasy port numbers for getpeername.
+   * example for two interconnected tcp sockets:
+   *
+   * (Socket::unpack_sockaddr_in getsockname $sock0)[0] == 53364
+   * (Socket::unpack_sockaddr_in getpeername $sock0)[0] == 53363
+   * (Socket::unpack_sockaddr_in getsockname $sock1)[0] == 53363
+   * (Socket::unpack_sockaddr_in getpeername $sock1)[0] == 53365
+   *
+   * wow! tridirectional sockets!
+   *
+   * this way of checking ports seems to work:
+   */
+  if (getpeername (sock [0], (struct sockaddr *)&addr, &addr_size))
+    goto fail;
+
+  if (getsockname (sock [1], (struct sockaddr *)&adr2, &adr2_size))
+    goto fail;
+
+  errno = WSAEINVAL;
+  if (addr_size != adr2_size
+      || addr.sin_addr.s_addr != adr2.sin_addr.s_addr /* just to be sure, I mean, it's windows */
+      || addr.sin_port        != adr2.sin_port)
     goto fail;
 
   closesocket (listener);