comparison src/core/ngx_inet.c @ 6888:70539dd7abe5 stable-1.10

Core: sockaddr lengths now respected by ngx_cmp_sockaddr(). Linux can return AF_UNIX sockaddrs with partially filled sun_path, resulting in spurious comparison failures and failed binary upgrades. Added proper checking of the lengths provided. Reported by Jan Seda, http://mailman.nginx.org/pipermail/nginx-devel/2016-September/008832.html.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 10 Oct 2016 16:15:41 +0300
parents 7640d6c213e1
children
6887:17000e3ba589 6888:70539dd7abe5
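--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -1211,10 +1211,11 @@
 struct sockaddr_in *sin1, *sin2;
 #if (NGX_HAVE_INET6)
 struct sockaddr_in6 *sin61, *sin62;
 #endif
 #if (NGX_HAVE_UNIX_DOMAIN)
+size_t len;
 struct sockaddr_un *saun1, *saun2;
 #endif
 
 if (sa1->sa_family != sa2->sa_family) {
 return NGX_DECLINED;
@@ -1240,19 +1241,25 @@
 #endif
 
 #if (NGX_HAVE_UNIX_DOMAIN)
 case AF_UNIX:
 
-/* TODO length */
-
 saun1 = (struct sockaddr_un *) sa1;
 saun2 = (struct sockaddr_un *) sa2;
 
-if (ngx_memcmp(&saun1->sun_path, &saun2->sun_path,
-sizeof(saun1->sun_path))
-!= 0)
-{
+if (slen1 < slen2) {
+len = slen1 - offsetof(struct sockaddr_un, sun_path);
+
+} else {
+len = slen2 - offsetof(struct sockaddr_un, sun_path);
+}
+
+if (len > sizeof(saun1->sun_path)) {
+len = sizeof(saun1->sun_path);
+}
+
+if (ngx_memcmp(&saun1->sun_path, &saun2->sun_path, len) != 0) {
 return NGX_DECLINED;
 }
 
 break;
 #endif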
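Review bot: In the AF_UNIX case, `len = slen1 - offsetof(struct sockaddr_un, sun_path);` (and the `slen2` twin) has no lower-bound check, so a length shorter than the offset of `sun_path` wraps to a huge `size_t`. The clamp then silently turns that into a full `sizeof(saun1->sun_path)` compare, which reads bytes the caller said were not filled in. The types of `slen1`/`slen2` are declared outside the visible lines, so this assumes they are unsigned or non-negative. A too-short length should be handled explicitly before the subtraction, for example `if (slen1 < offsetof(struct sockaddr_un, sun_path) || slen2 < offsetof(struct sockaddr_un, sun_path)) { return NGX_DECLINED; }`. Separately, comparing only the shorter length treats two addresses as equal when one path is a prefix of the other unless the lengths cover a terminating NUL, so a comment such as `/* lengths are expected to include the trailing NUL of sun_path */` would record that assumption. The function body begins and ends outside the lines shown.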