nginx-quic: src/core/ngx_murmurhash.c annotate

annotate src/core/ngx_murmurhash.c @ 7119:fef61d26da39

Fixed buffer overread with unix sockets after accept(). Some OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses larger than struct sockaddr_un. Moreover, some of them (macOS, Solaris) return socklen of the socket address before it was truncated to fit the buffer provided. As such, on these systems socklen must not be used without additional check that it is within the buffer provided. Appropriate checks added to ngx_event_accept() (after accept()), ngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets() (after getsockname()). We also obtain socket addresses via getsockname() in ngx_connection_local_sockaddr(), but it does not need any checks as it is only used for INET and INET6 sockets (as there can be no wildcard unix sockets).

author	Maxim Dounin <mdounin@mdounin.ru>
date	Wed, 04 Oct 2017 21:19:33 +0300
parents	f38647c651a8
children

rev	line source
3891 203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	2 /*
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	3 * Copyright (C) Austin Appleby
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	4 */
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	5
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7 #include <ngx_config.h>
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_core.h>
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11 uint32_t
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	12 ngx_murmur_hash2(u_char *data, size_t len)
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	13 {
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	14 uint32_t h, k;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	16 h = 0 ^ len;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	17
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	18 while (len >= 4) {
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	19 k = data[0];
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	20 k \|= data[1] << 8;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	21 k \|= data[2] << 16;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	22 k \|= data[3] << 24;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	23
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	24 k *= 0x5bd1e995;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	25 k ^= k >> 24;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	26 k *= 0x5bd1e995;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	27
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	28 h *= 0x5bd1e995;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	29 h ^= k;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	30
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	31 data += 4;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	32 len -= 4;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	33 }
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	34
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	35 switch (len) {
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	36 case 3:
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	37 h ^= data[2] << 16;
6994 f38647c651a8 Added missing "fall through" comments (ticket #1259). Maxim Dounin <mdounin@mdounin.ru> parents: 3891 diff changeset	38 /* fall through */
3891 203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	39 case 2:
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	40 h ^= data[1] << 8;
6994 f38647c651a8 Added missing "fall through" comments (ticket #1259). Maxim Dounin <mdounin@mdounin.ru> parents: 3891 diff changeset	41 /* fall through */
3891 203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	42 case 1:
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	43 h ^= data[0];
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	44 h *= 0x5bd1e995;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	45 }
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	46
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	47 h ^= h >> 13;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	48 h *= 0x5bd1e995;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	49 h ^= h >> 15;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	50
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	51 return h;
203eb026ec07 ngx_murmur_hash2() Igor Sysoev <igor@sysoev.ru> parents: diff changeset	52 }

Mercurial > hg > nginx-quic

annotate src/core/ngx_murmurhash.c @ 7119:fef61d26da39