lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity

[mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691) 

When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zerod otherwise
unexpected failures may occur.  The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3059 152afb58-edef-0310-8abb-c4023f1b3aa9
This commit is contained in:
Kyle J. McKay 2015-12-04 20:22:42 +00:00 committed by Stefan Bühler
parent ab05eb7cec
commit b0ecb4d44b
3 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -17,6 +17,7 @@ NEWS
* [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
* [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
* [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
* [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691, thx Kyle J. McKay)
- 1.4.37 - 2015-08-30
* [mod_proxy] remove debug log line from error log (fixes #2659)

8
src/mod_fastcgi.c
View File

@ -859,9 +859,8 @@ static int fcgi_spawn_connection(server *srv,
}
if (!buffer_string_is_empty(proc->unixsocket)) {
memset(&fcgi_addr, 0, sizeof(fcgi_addr));
#ifdef HAVE_SYS_UN_H
memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
fcgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@ -889,6 +888,7 @@ static int fcgi_spawn_connection(server *srv,
return -1;
#endif
} else {
memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
fcgi_addr_in.sin_family = AF_INET;
if (buffer_string_is_empty(host->host)) {
@ -1660,11 +1660,10 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h
fcgi_proc *proc = hctx->proc;
int fcgi_fd = hctx->fd;
memset(&fcgi_addr, 0, sizeof(fcgi_addr));
if (!buffer_string_is_empty(proc->unixsocket)) {
#ifdef HAVE_SYS_UN_H
/* use the unix domain socket */
memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
fcgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@ -1691,6 +1690,7 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h
return CONNECTION_DEAD;
#endif
} else {
memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
fcgi_addr_in.sin_family = AF_INET;
if (!buffer_string_is_empty(host->host)) {
if (0 == inet_aton(host->host->ptr, &(fcgi_addr_in.sin_addr))) {

8
src/mod_scgi.c
View File

@ -666,9 +666,8 @@ static int scgi_spawn_connection(server *srv,
}
if (!buffer_string_is_empty(proc->socket)) {
memset(&scgi_addr, 0, sizeof(scgi_addr));
#ifdef HAVE_SYS_UN_H
memset(&scgi_addr_un, 0, sizeof(scgi_addr_un));
scgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->socket) + 1 > sizeof(scgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@ -692,6 +691,7 @@ static int scgi_spawn_connection(server *srv,
return -1;
#endif
} else {
memset(&scgi_addr_in, 0, sizeof(scgi_addr_in));
scgi_addr_in.sin_family = AF_INET;
if (buffer_string_is_empty(host->host)) {
@ -1339,11 +1339,10 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) {
scgi_proc *proc = hctx->proc;
int scgi_fd = hctx->fd;
memset(&scgi_addr, 0, sizeof(scgi_addr));
if (!buffer_string_is_empty(proc->socket)) {
#ifdef HAVE_SYS_UN_H
/* use the unix domain socket */
memset(&scgi_addr_un, 0, sizeof(scgi_addr_un));
scgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->socket) + 1 > sizeof(scgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@ -1364,6 +1363,7 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) {
return -1;
#endif
} else {
memset(&scgi_addr_in, 0, sizeof(scgi_addr_in));
scgi_addr_in.sin_family = AF_INET;
if (0 == inet_aton(host->host->ptr, &(scgi_addr_in.sin_addr))) {
log_error_write(srv, __FILE__, __LINE__, "sbs",