comparison src/event/ngx_event_accept.c @ 7283:d0b897c0bb5b
Events: fixed handling zero-length client address.
On Linux recvmsg() syscall may return a zero-length client address when
receiving a datagram from an unbound unix datagram socket. It is usually
assumed that socket address has at least the sa_family member. Zero-length
socket address caused buffer over-read in functions which receive socket
address, for example ngx_sock_ntop(). Typically the over-read resulted in
unexpected socket family followed by session close. Now a fake socket address
is allocated instead of a zero-length client address.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Fri, 01 Jun 2018 16:53:02 +0300 |
parents | fef61d26da39 |
children | 52aacc8ddcc5 |
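--- a/src/event/ngx_event_accept.c
+++ b/src/event/ngx_event_accept.c
@@ -446,10 +446,22 @@
 
 if (c->socklen > (socklen_t) sizeof(ngx_sockaddr_t)) {
 c->socklen = sizeof(ngx_sockaddr_t);
 }
 
+if (c->socklen == 0) {
+
+/*
+* on Linux recvmsg() returns zero msg_namelen
+* when receiving packets from unbound AF_UNIX sockets
+*/
+
+c->socklen = sizeof(struct sockaddr);
+ngx_memzero(&sa, sizeof(struct sockaddr));
+sa.sockaddr.sa_family = ls->sockaddr->sa_family;
+}
+
 #if (NGX_STAT_STUB)
 (void) ngx_atomic_fetch_add(ngx_stat_active, 1);
 #endif
 
 c->pool = ngx_create_pool(ls->pool_size, ev->log);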
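Review bot: The new guard `if (c->socklen == 0)` catches only an exactly empty address, so a non-zero length shorter than the `sa_family` member would still reach later readers with the family field unset. Whether recvmsg() can return such a length is not visible here, but comparing against the field size covers both cases at no cost: `if (c->socklen < (socklen_t) sizeof(sa.sockaddr.sa_family)) {`. The comment explains the Linux behaviour but not what the substitute address means; I would add a line such as `* substitute a zeroed address of the listener's family; it does not identify the peer`, so that code which logs or applies access rules to the client address does not treat it as a real one. The enclosing function starts and ends outside the hunk, so how `sa` is copied into the connection afterwards could not be checked from here.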