Browse Source

[mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691)

When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zerod otherwise
unexpected failures may occur.  The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3059 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.38
Kyle J. McKay 6 years ago
committed by Stefan Bühler
parent
commit
b0ecb4d44b
  1. 1
      NEWS
  2. 8
      src/mod_fastcgi.c
  3. 8
      src/mod_scgi.c

1
NEWS

@ -17,6 +17,7 @@ NEWS
* [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
* [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
* [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
* [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691, thx Kyle J. McKay)
- 1.4.37 - 2015-08-30
* [mod_proxy] remove debug log line from error log (fixes #2659)

8
src/mod_fastcgi.c

@ -859,9 +859,8 @@ static int fcgi_spawn_connection(server *srv,
}
if (!buffer_string_is_empty(proc->unixsocket)) {
memset(&fcgi_addr, 0, sizeof(fcgi_addr));
#ifdef HAVE_SYS_UN_H
memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
fcgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@ -889,6 +888,7 @@ static int fcgi_spawn_connection(server *srv,
return -1;
#endif
} else {
memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
fcgi_addr_in.sin_family = AF_INET;
if (buffer_string_is_empty(host->host)) {
@ -1660,11 +1660,10 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h
fcgi_proc *proc = hctx->proc;
int fcgi_fd = hctx->fd;
memset(&fcgi_addr, 0, sizeof(fcgi_addr));
if (!buffer_string_is_empty(proc->unixsocket)) {
#ifdef HAVE_SYS_UN_H
/* use the unix domain socket */
memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
fcgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@ -1691,6 +1690,7 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h
return CONNECTION_DEAD;
#endif
} else {
memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
fcgi_addr_in.sin_family = AF_INET;
if (!buffer_string_is_empty(host->host)) {
if (0 == inet_aton(host->host->ptr, &(fcgi_addr_in.sin_addr))) {

8
src/mod_scgi.c

@ -666,9 +666,8 @@ static int scgi_spawn_connection(server *srv,
}
if (!buffer_string_is_empty(proc->socket)) {
memset(&scgi_addr, 0, sizeof(scgi_addr));
#ifdef HAVE_SYS_UN_H
memset(&scgi_addr_un, 0, sizeof(scgi_addr_un));
scgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->socket) + 1 > sizeof(scgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@ -692,6 +691,7 @@ static int scgi_spawn_connection(server *srv,
return -1;
#endif
} else {
memset(&scgi_addr_in, 0, sizeof(scgi_addr_in));
scgi_addr_in.sin_family = AF_INET;
if (buffer_string_is_empty(host->host)) {
@ -1339,11 +1339,10 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) {
scgi_proc *proc = hctx->proc;
int scgi_fd = hctx->fd;
memset(&scgi_addr, 0, sizeof(scgi_addr));
if (!buffer_string_is_empty(proc->socket)) {
#ifdef HAVE_SYS_UN_H
/* use the unix domain socket */
memset(&scgi_addr_un, 0, sizeof(scgi_addr_un));
scgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->socket) + 1 > sizeof(scgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@ -1364,6 +1363,7 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) {
return -1;
#endif
} else {
memset(&scgi_addr_in, 0, sizeof(scgi_addr_in));
scgi_addr_in.sin_family = AF_INET;
if (0 == inet_aton(host->host->ptr, &(scgi_addr_in.sin_addr))) {
log_error_write(srv, __FILE__, __LINE__, "sbs",

Loading…
Cancel
Save