changeset 7121:924b6ef942bf

Fixed handling of unix sockets in $binary_remote_addr. Previously, unix sockets were treated as AF_INET ones, and this may result in buffer overread on Linux, where unbound unix sockets have 2-byte addresses. Note that it is not correct to use just sun_path as a binary representation for unix sockets. This will result in an empty string for unbound unix sockets, and thus behaviour of limit_req and limit_conn will change when switching from $remote_addr to $binary_remote_addr. As such, normal text representation is used. Reported by Stephan Dollberg.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 04 Oct 2017 21:19:42 +0300
parents 874171c3c71a
children 935b1902a7dd
files src/http/ngx_http_variables.c src/stream/ngx_stream_variables.c
diffstat 2 files changed, 24 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_variables.c
+++ b/src/http/ngx_http_variables.c
@@ -1240,6 +1240,18 @@ ngx_http_variable_binary_remote_addr(ngx
         break;
 #endif
 
+#if (NGX_HAVE_UNIX_DOMAIN)
+    case AF_UNIX:
+
+        v->len = r->connection->addr_text.len;
+        v->valid = 1;
+        v->no_cacheable = 0;
+        v->not_found = 0;
+        v->data = r->connection->addr_text.data;
+
+        break;
+#endif
+
     default: /* AF_INET */
         sin = (struct sockaddr_in *) r->connection->sockaddr;
 
--- a/src/stream/ngx_stream_variables.c
+++ b/src/stream/ngx_stream_variables.c
@@ -481,6 +481,18 @@ ngx_stream_variable_binary_remote_addr(n
         break;
 #endif
 
+#if (NGX_HAVE_UNIX_DOMAIN)
+    case AF_UNIX:
+
+        v->len = s->connection->addr_text.len;
+        v->valid = 1;
+        v->no_cacheable = 0;
+        v->not_found = 0;
+        v->data = s->connection->addr_text.data;
+
+        break;
+#endif
+
     default: /* AF_INET */
         sin = (struct sockaddr_in *) s->connection->sockaddr;