Mercurial > hg > nginx
comparison src/core/ngx_inet.c @ 6731:3f94a0fc05cf
Core: sockaddr lengths now respected by ngx_cmp_sockaddr().
Linux can return AF_UNIX sockaddrs with partially filled sun_path,
resulting in spurious comparison failures and failed binary upgrades.
Added proper checking of the lengths provided.
Reported by Jan Seda,
http://mailman.nginx.org/pipermail/nginx-devel/2016-September/008832.html.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 10 Oct 2016 16:15:41 +0300 |
parents | b802b7e1d9bc |
children | 874171c3c71a |
comparison
equal
deleted
inserted
replaced
6730:1606a817c1d4 | 6731:3f94a0fc05cf |
---|---|
1362 struct sockaddr_in *sin1, *sin2; | 1362 struct sockaddr_in *sin1, *sin2; |
1363 #if (NGX_HAVE_INET6) | 1363 #if (NGX_HAVE_INET6) |
1364 struct sockaddr_in6 *sin61, *sin62; | 1364 struct sockaddr_in6 *sin61, *sin62; |
1365 #endif | 1365 #endif |
1366 #if (NGX_HAVE_UNIX_DOMAIN) | 1366 #if (NGX_HAVE_UNIX_DOMAIN) |
1367 size_t len; | |
1367 struct sockaddr_un *saun1, *saun2; | 1368 struct sockaddr_un *saun1, *saun2; |
1368 #endif | 1369 #endif |
1369 | 1370 |
1370 if (sa1->sa_family != sa2->sa_family) { | 1371 if (sa1->sa_family != sa2->sa_family) { |
1371 return NGX_DECLINED; | 1372 return NGX_DECLINED; |
1391 #endif | 1392 #endif |
1392 | 1393 |
1393 #if (NGX_HAVE_UNIX_DOMAIN) | 1394 #if (NGX_HAVE_UNIX_DOMAIN) |
1394 case AF_UNIX: | 1395 case AF_UNIX: |
1395 | 1396 |
1396 /* TODO length */ | |
1397 | |
1398 saun1 = (struct sockaddr_un *) sa1; | 1397 saun1 = (struct sockaddr_un *) sa1; |
1399 saun2 = (struct sockaddr_un *) sa2; | 1398 saun2 = (struct sockaddr_un *) sa2; |
1400 | 1399 |
1401 if (ngx_memcmp(&saun1->sun_path, &saun2->sun_path, | 1400 if (slen1 < slen2) { |
1402 sizeof(saun1->sun_path)) | 1401 len = slen1 - offsetof(struct sockaddr_un, sun_path); |
1403 != 0) | 1402 |
1404 { | 1403 } else { |
1404 len = slen2 - offsetof(struct sockaddr_un, sun_path); | |
1405 } | |
1406 | |
1407 if (len > sizeof(saun1->sun_path)) { | |
1408 len = sizeof(saun1->sun_path); | |
1409 } | |
1410 | |
1411 if (ngx_memcmp(&saun1->sun_path, &saun2->sun_path, len) != 0) { | |
1405 return NGX_DECLINED; | 1412 return NGX_DECLINED; |
1406 } | 1413 } |
1407 | 1414 |
1408 break; | 1415 break; |
1409 #endif | 1416 #endif |