Mercurial > hg > nginx
annotate src/core/ngx_proxy_protocol.h @ 7119:fef61d26da39
Fixed buffer overread with unix sockets after accept().
Some OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses
larger than struct sockaddr_un. Moreover, some of them (macOS, Solaris)
return socklen of the socket address before it was truncated to fit the
buffer provided. As such, on these systems socklen must not be used without
additional check that it is within the buffer provided.
Appropriate checks added to ngx_event_accept() (after accept()),
ngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets()
(after getsockname()).
We also obtain socket addresses via getsockname() in
ngx_connection_local_sockaddr(), but it does not need any checks as
it is only used for INET and INET6 sockets (as there can be no
wildcard unix sockets).
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 04 Oct 2017 21:19:33 +0300 |
| parents | a420cb1c170b |
| children | 06b01840bd42 |
| rev | line source |
|---|---|
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
1 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
2 /* |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Roman Arutyunyan |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
4 * Copyright (C) Nginx, Inc. |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
5 */ |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
6 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
7 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
8 #ifndef _NGX_PROXY_PROTOCOL_H_INCLUDED_ |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
9 #define _NGX_PROXY_PROTOCOL_H_INCLUDED_ |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
10 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
11 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
12 #include <ngx_config.h> |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
13 #include <ngx_core.h> |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
14 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
15 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
16 #define NGX_PROXY_PROTOCOL_MAX_HEADER 107 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
17 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
18 |
|
6185
a420cb1c170b
Core: renamed ngx_proxy_protocol_parse to ngx_proxy_protocol_read.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
19 u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
20 u_char *last); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
21 u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
22 u_char *last); |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
23 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
24 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
25 #endif /* _NGX_PROXY_PROTOCOL_H_INCLUDED_ */ |