From 7fa449ca0c8ccccbb25a2f7023f09ae2184a78bb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 27 Dec 2022 17:19:51 +0100
Subject: [PATCH] socketpair: allow localhost MITM sniffers

Windows allow programs to MITM connections to localhost. The previous
check here would detect that and error out. This new method writes data
to verify the pipe thus allowing MITM.

Reported-by: SerusDev on github
Fixes #10144
Closes #10169
---
 lib/socketpair.c | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/lib/socketpair.c b/lib/socketpair.c
index 0f8798f087..20e22bcb3c 100644
--- a/lib/socketpair.c
+++ b/lib/socketpair.c
@@ -65,7 +65,7 @@ int Curl_socketpair(int domain, int type, int protocol,
   union {
     struct sockaddr_in inaddr;
     struct sockaddr addr;
-  } a, a2;
+  } a;
   curl_socket_t listener;
   curl_socklen_t addrlen = sizeof(a.inaddr);
   int reuse = 1;
@@ -107,24 +107,21 @@ int Curl_socketpair(int domain, int type, int protocol,
   pfd[0].fd = listener;
   pfd[0].events = POLLIN;
   pfd[0].revents = 0;
-  (void)Curl_poll(pfd, 1, 10*1000); /* 10 seconds */
+  (void)Curl_poll(pfd, 1, 1000); /* one second */
   socks[1] = accept(listener, NULL, NULL);
   if(socks[1] == CURL_SOCKET_BAD)
     goto error;
+  else {
+    struct curltime check;
+    struct curltime now = Curl_now();
 
-  /* verify that nothing else connected */
-  addrlen = sizeof(a.inaddr);
-  if(getsockname(socks[0], &a.addr, &addrlen) == -1 ||
-     addrlen < (int)sizeof(a.inaddr))
-    goto error;
-  addrlen = sizeof(a2.inaddr);
-  if(getpeername(socks[1], &a2.addr, &addrlen) == -1 ||
-     addrlen < (int)sizeof(a2.inaddr))
-    goto error;
-  if(a.inaddr.sin_family != a2.inaddr.sin_family ||
-     a.inaddr.sin_addr.s_addr != a2.inaddr.sin_addr.s_addr ||
-     a.inaddr.sin_port != a2.inaddr.sin_port)
-    goto error;
+    /* write data to the socket */
+    swrite(socks[0], &now, sizeof(now));
+    /* verify that we read the correct data */
+    if((sizeof(now) != sread(socks[1], &check, sizeof(check)) ||
+        memcmp(&now, &check, sizeof(check))))
+      goto error;
+  }
 
   sclose(listener);
   return 0;
-- 
2.47.3