[Security][Bug] Prevent binding to all TCP interfaces (#5752)

683707c3 · Adarsh Shirawalmath · GitHub · a68ed766 · 683707c3
Unverified Commit 683707c3 authored May 06, 2025 by Adarsh Shirawalmath Committed by GitHub May 06, 2025
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

python/sglang/srt/distributed/device_communicators/shm_broadcast.py ...ang/srt/distributed/device_communicators/shm_broadcast.py +2 -1

No files found.
--- a/python/sglang/srt/distributed/device_communicators/shm_broadcast.py
+++ b/python/sglang/srt/distributed/device_communicators/shm_broadcast.py
@@ -225,7 +225,8 @@ class MessageQueue:
            remote_subscribe_port = get_open_port()
            if is_valid_ipv6_address(connect_ip):
                self.remote_socket.setsockopt(IPV6, 1)
-            socket_addr = f"tcp://*:{remote_subscribe_port}"
+                connect_ip = f"[{connect_ip}]"
+            socket_addr = f"tcp://{connect_ip}:{remote_subscribe_port}"
            self.remote_socket.bind(socket_addr)
        else: