Nicolas Cellier uploaded a new version of VMMaker to project VM Maker: http://source.squeak.org/VMMaker/VMMaker.oscog-nice.3250.mcz ==================== Summary ==================== Name: VMMaker.oscog-nice.3250 Author: nice Time: 23 August 2022, 3:35:17.389121 pm UUID: e2df5590-0905-0b41-a0df-4909944ea81d Ancestors: VMMaker.oscog-nice.3249 The security plugin shall not access the socket before it is set See related compiler warnings in generated code: ./../../src/plugins/SocketPlugin/SocketPlugin.c:1435:62: warning: variable 's' is uninitialized when used here [-Wuninitialized] okToListen = ((sqInt (*) (sqInt, sqInt)) sCCLOPfn)((sqInt)s, port); ../../../src/plugins/SocketPlugin/SocketPlugin.c:1487:62: warning: variable 's' is uninitialized when used here [-Wuninitialized] okToListen = ((sqInt (*) (sqInt, sqInt)) sCCLOPfn)((sqInt)s, port); More over, it shall not access the socket if it is not validated, hence we have to protect access with an interpreterProxy failed check. Same for (IPV4) address. =============== Diff against VMMaker.oscog-nice.3249 =============== Item was changed: ----- Method: SocketPlugin>>primitiveSocket:connectTo:port: (in category 'primitives') ----- primitiveSocket: socket connectTo: address port: port | addr s okToConnect | self primitive: 'primitiveSocketConnectToPort' parameters: #(#Oop #ByteArray #SmallInteger ). addr := self netAddressToInt: (self cCoerce: address to: 'unsigned char *'). "If the security plugin can be loaded, use it to check for permission. If not, assume it's ok" + interpreterProxy failed ifFalse: + [sCCTPfn ~= 0 ifTrue: + [okToConnect := self cCode: ' ((sqInt (*) (sqInt, sqInt)) sCCTPfn)(addr, port)'. + okToConnect ifFalse: + [^ interpreterProxy primitiveFail]]]. - sCCTPfn ~= 0 ifTrue: - [okToConnect := self cCode: ' ((sqInt (*) (sqInt, sqInt)) sCCTPfn)(addr, port)'. - okToConnect ifFalse: - [^ interpreterProxy primitiveFail]]. s := self socketValueOf: socket. 
interpreterProxy failed ifFalse: [self sqSocket: s ConnectTo: addr Port: port]! Item was changed: ----- Method: SocketPlugin>>primitiveSocket:listenOnPort: (in category 'primitives') ----- primitiveSocket: socket listenOnPort: port "one part of the wierdass dual prim primitiveSocketListenOnPort which was warped by some demented evil person determined to twist the very nature of reality" | s okToListen | self primitive: 'primitiveSocketListenOnPort' parameters: #(#Oop #SmallInteger ). s := self socketValueOf: socket. "If the security plugin can be loaded, use it to check for permission. If not, assume it's ok" - sCCLOPfn ~= 0 ifTrue: - [okToListen := self cCode: ' ((sqInt (*) (sqInt, sqInt)) sCCLOPfn)((sqInt)s, port)'. - okToListen ifFalse: - [^ interpreterProxy primitiveFail]]. interpreterProxy failed ifFalse: + [sCCLOPfn ~= 0 ifTrue: + [okToListen := self cCode: ' ((sqInt (*) (sqInt, sqInt)) sCCLOPfn)((sqInt)s, port)'. + okToListen ifFalse: + [^ interpreterProxy primitiveFail]]]. + interpreterProxy failed ifFalse: [self sqSocket: s ListenOnPort: port]! Item was changed: ----- Method: SocketPlugin>>primitiveSocket:listenOnPort:backlogSize: (in category 'primitives') ----- primitiveSocket: socket listenOnPort: port backlogSize: backlog "second part of the wierdass dual prim primitiveSocketListenOnPort which was warped by some demented evil person determined to twist the very nature of reality" | s okToListen | self primitive: 'primitiveSocketListenOnPortBacklog' parameters: #(#Oop #SmallInteger #SmallInteger ). "If the security plugin can be loaded, use it to check for permission. If not, assume it's ok" - sCCLOPfn ~= 0 ifTrue: - [okToListen := self cCode: ' ((sqInt (*) (sqInt, sqInt)) sCCLOPfn)((sqInt)s, port)'. - okToListen ifFalse: - [^interpreterProxy primitiveFail]]. s := self socketValueOf: socket. interpreterProxy failed ifFalse: + [sCCLOPfn ~= 0 ifTrue: + [okToListen := self cCode: ' ((sqInt (*) (sqInt, sqInt)) sCCLOPfn)((sqInt)s, port)'. 
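Review bot: In primitiveSocket:connectTo:port:, the new `interpreterProxy failed ifFalse:` guard around the sCCTPfn call makes a failed address conversion skip the permission check rather than deny, and nothing in the method says why that is safe. It is safe only because the last statement sits behind the same guard, so the connect is never attempted once the failure flag is set; netAddressToInt: is not shown here and is presumably what sets the flag. I would record that dependency next to the guard, for example `"Only consult the security plugin with a validated addr; if the primitive has already failed, the guarded connect below is skipped as well"`. That way a later edit to the final guard does not quietly turn the skipped check into a bypass.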
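Review bot: In primitiveSocket:listenOnPort:, the new side ends with two back-to-back `interpreterProxy failed ifFalse:` blocks, one for the sCCLOPfn check and one for the listen call, which reads as if the check could leave the primitive failed without returning. The denied branch already returns through `^ interpreterProxy primitiveFail`, so the listen call could go at the end of the first block, after the `ifTrue:` statement, and the second guard could be dropped. That is equivalent only if the security callback never sets the failure flag itself, which cannot be seen from this diff; if it can, keep both guards and say so in a comment. primitiveSocket:listenOnPort:backlogSize: has the same pair of guards.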
+ okToListen ifFalse: + [^interpreterProxy primitiveFail]]]. + interpreterProxy failed ifFalse: [self sqSocket: s ListenOnPort: port BacklogSize: backlog]! Item was changed: ----- Method: SocketPlugin>>primitiveSocket:listenOnPort:backlogSize:interface: (in category 'primitives') ----- primitiveSocket: socket listenOnPort: port backlogSize: backlog interface: ifAddr "Bind a socket to the given port and interface address with no more than backlog pending connections. The socket can be UDP, in which case the backlog should be specified as zero." | s okToListen addr | self primitive: 'primitiveSocketListenOnPortBacklogInterface' parameters: #(#Oop #SmallInteger #SmallInteger #ByteArray). "If the security plugin can be loaded, use it to check for permission. If not, assume it's ok" - sCCLOPfn ~= 0 ifTrue: - [okToListen := self cCode: ' ((sqInt (*) (sqInt, sqInt)) sCCLOPfn)((sqInt)s, port)'. - okToListen ifFalse: - [^ interpreterProxy primitiveFail]]. s := self socketValueOf: socket. + interpreterProxy failed ifFalse: + [sCCLOPfn ~= 0 ifTrue: + [okToListen := self cCode: ' ((sqInt (*) (sqInt, sqInt)) sCCLOPfn)((sqInt)s, port)'. + okToListen ifFalse: + [^ interpreterProxy primitiveFail]]]. addr := self netAddressToInt: (self cCoerce: ifAddr to: #'unsigned char *'). interpreterProxy failed ifFalse: [self sqSocket: s ListenOnPort: port BacklogSize: backlog Interface: addr]!
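Review bot: In primitiveSocket:listenOnPort:backlogSize:, the comment `"If the security plugin can be loaded, use it to check for permission. If not, assume it's ok"` stays above `s := self socketValueOf: socket.` while the check it describes moved below that line, so it now appears to describe the socket lookup. Moving it down to sit directly above `interpreterProxy failed ifFalse:` keeps the fail-open rule (no plugin loaded means the request is allowed) attached to the code that implements it. primitiveSocket:listenOnPort:backlogSize:interface: has the same displaced comment.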