comparison src/core/ngx_inet.c @ 6731:3f94a0fc05cf

Core: sockaddr lengths now respected by ngx_cmp_sockaddr(). Linux can return AF_UNIX sockaddrs with partially filled sun_path, resulting in spurious comparison failures and failed binary upgrades. Added proper checking of the lengths provided. Reported by Jan Seda, http://mailman.nginx.org/pipermail/nginx-devel/2016-September/008832.html.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 10 Oct 2016 16:15:41 +0300
parents b802b7e1d9bc
children 874171c3c71a
6730:1606a817c1d4 6731:3f94a0fc05cf
1362 struct sockaddr_in *sin1, *sin2; 1362 struct sockaddr_in *sin1, *sin2;
1363 #if (NGX_HAVE_INET6) 1363 #if (NGX_HAVE_INET6)
1364 struct sockaddr_in6 *sin61, *sin62; 1364 struct sockaddr_in6 *sin61, *sin62;
1365 #endif 1365 #endif
1366 #if (NGX_HAVE_UNIX_DOMAIN) 1366 #if (NGX_HAVE_UNIX_DOMAIN)
1367 size_t len;
1367 struct sockaddr_un *saun1, *saun2; 1368 struct sockaddr_un *saun1, *saun2;
1368 #endif 1369 #endif
1369 1370
1370 if (sa1->sa_family != sa2->sa_family) { 1371 if (sa1->sa_family != sa2->sa_family) {
1371 return NGX_DECLINED; 1372 return NGX_DECLINED;
1391 #endif 1392 #endif
1392 1393
1393 #if (NGX_HAVE_UNIX_DOMAIN) 1394 #if (NGX_HAVE_UNIX_DOMAIN)
1394 case AF_UNIX: 1395 case AF_UNIX:
1395 1396
1396 /* TODO length */
1397
1398 saun1 = (struct sockaddr_un *) sa1; 1397 saun1 = (struct sockaddr_un *) sa1;
1399 saun2 = (struct sockaddr_un *) sa2; 1398 saun2 = (struct sockaddr_un *) sa2;
1400 1399
1401 if (ngx_memcmp(&saun1->sun_path, &saun2->sun_path, 1400 if (slen1 < slen2) {
1402 sizeof(saun1->sun_path)) 1401 len = slen1 - offsetof(struct sockaddr_un, sun_path);
1403 != 0) 1402
1404 { 1403 } else {
1404 len = slen2 - offsetof(struct sockaddr_un, sun_path);
1405 }
1406
1407 if (len > sizeof(saun1->sun_path)) {
1408 len = sizeof(saun1->sun_path);
1409 }
1410
1411 if (ngx_memcmp(&saun1->sun_path, &saun2->sun_path, len) != 0) {
1405 return NGX_DECLINED; 1412 return NGX_DECLINED;
1406 } 1413 }
1407 1414
1408 break; 1415 break;
1409 #endif 1416 #endif
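Review bot: The new `len` computation in the `AF_UNIX` case has no lower bound: if the smaller of `slen1`/`slen2` is below `offsetof(struct sockaddr_un, sun_path)`, the subtraction wraps when stored in the `size_t len`, the clamp that follows then sets `len` to `sizeof(saun1->sun_path)`, and `ngx_memcmp()` reads the whole `sun_path` of an address whose supplied length said it was shorter. `slen1` and `slen2` are declared outside the visible lines, so this assumes they carry caller-supplied lengths that can be that small. A guard ahead of the subtraction would close it, for example `if (slen1 < offsetof(struct sockaddr_un, sun_path) || slen2 < offsetof(struct sockaddr_un, sun_path)) { return NGX_DECLINED; }`. Separately, comparing only the shorter length reports a match when one path is a strict prefix of the other and the shorter length leaves out the terminating NUL, so a comment in place of the removed `/* TODO length */` stating that this is intended would help the next reader.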