Changeset 6888:70539dd7abe5 in nginx


Timestamp:
10/10/16 13:15:41 (3 years ago)
Author:
Maxim Dounin <mdounin@…>
Branch:
stable-1.10
Phase:
public
Graft:
6731:3f94a0fc05cf
Message:

Core: sockaddr lengths now respected by ngx_cmp_sockaddr().

Linux can return AF_UNIX sockaddrs with partially filled sun_path,
resulting in spurious comparison failures and failed binary upgrades.
Added proper checking of the lengths provided.

Reported by Jan Seda,
http://mailman.nginx.org/pipermail/nginx-devel/2016-September/008832.html.

File:
1 edited

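--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -1214,4 +1214,5 @@
 #endif
 #if (NGX_HAVE_UNIX_DOMAIN)
+    size_t                len;
     struct sockaddr_un   *saun1, *saun2;
 #endif
@@ -1243,13 +1244,19 @@
     case AF_UNIX:
 
-        /* TODO length */
-
         saun1 = (struct sockaddr_un *) sa1;
         saun2 = (struct sockaddr_un *) sa2;
 
-        if (ngx_memcmp(&saun1->sun_path, &saun2->sun_path,
-                       sizeof(saun1->sun_path))
-            != 0)
-        {
+        if (slen1 < slen2) {
+            len = slen1 - offsetof(struct sockaddr_un, sun_path);
+
+        } else {
+            len = slen2 - offsetof(struct sockaddr_un, sun_path);
+        }
+
+        if (len > sizeof(saun1->sun_path)) {
+            len = sizeof(saun1->sun_path);
+        }
+
+        if (ngx_memcmp(&saun1->sun_path, &saun2->sun_path, len) != 0) {
             return NGX_DECLINED;
         }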
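Review bot: The subtraction `slen1 - offsetof(struct sockaddr_un, sun_path)` (and its `slen2` twin) in the AF_UNIX case wraps to a very large `size_t` when the supplied length is smaller than the offset of `sun_path`, and the clamp that follows then turns it into a full `sizeof(saun1->sun_path)` comparison, which is the behaviour this change sets out to remove. A guard before the subtraction would make that case explicit, for example `if (slen1 < offsetof(struct sockaddr_un, sun_path) || slen2 < offsetof(struct sockaddr_un, sun_path)) { return NGX_DECLINED; }`; whether declining or comparing zero bytes is the right outcome depends on callers that are not visible here. Separately, only the shorter of the two lengths is compared, so two addresses where one path is a byte-prefix of the other would be treated as equal unless a terminating NUL falls inside `len`; a short comment stating that assumption above the `ngx_memcmp()` call would help the next reader. The declarations of `slen1` and `slen2` and the rest of the function lie outside the hunks shown.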