
fixed possible overflow in unix-socket path checks on BSD (#713)

- use sizeof(sun_path) instead of UNIX_PATH_MAX which might not be
  defined


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1944 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.17
Jan Kneschke 14 years ago
parent
commit
c4e3150283
  1. 3
      NEWS
  2. 8
      src/mod_fastcgi.c
  3. 8
      src/mod_scgi.c
  4. 8
      src/spawn-fcgi.c

3
NEWS

@ -16,7 +16,8 @@ NEWS
* fixed invalid "304 Not Modified" on broken timestamps
* fixed endless loop on shrinked files with sendfile() on BSD (#1289)
* fixed counter overrun in ?auto in mod_status (#909)
* fixed too aggresive caching of nested conditionals
* fixed too aggresive caching of nested conditionals (#41)
* fixed possible overflow in unix-socket path checks on BSD (#713)
* removed config-check if passwd files exist (#1188)

8
src/mod_fastcgi.c

@ -42,11 +42,6 @@
#include "sys-socket.h"
#ifndef UNIX_PATH_MAX
# define UNIX_PATH_MAX 108
#endif
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif
@ -1254,8 +1249,9 @@ SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
if (!buffer_is_empty(host->unixsocket)) {
/* unix domain socket */
struct sockaddr_un un;
if (host->unixsocket->used > UNIX_PATH_MAX - 2) {
if (host->unixsocket->used > sizeof(un.sun_path) - 2) {
log_error_write(srv, __FILE__, __LINE__, "sbsbsbs",
"unixsocket is too long in:",
da->key, "= (",
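Review bot: The `- 2` margin in `host->unixsocket->used > sizeof(un.sun_path) - 2` is unexplained, and the same constant is repeated in src/mod_scgi.c (`df->unixsocket->used > sizeof(un.sun_path) - 2`), while src/spawn-fcgi.c uses `- 1` against `strlen()`. If `used` already counts the terminating NUL (its definition is not visible here), the bound is stricter than necessary. That is safe, but a later editor cannot tell whether relaxing it would bring the overflow back. I would add a comment above the test in both modules, for example `/* sun_path size is platform-specific; margin keeps room for the terminating NUL, confirm how 'used' is counted before relaxing */`. The copy into `sun_path` is outside this hunk, so it is worth confirming that it is bounded by the same `sizeof` rather than relying only on this config-time check.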

8
src/mod_scgi.c

@ -31,11 +31,6 @@
#include "sys-socket.h"
#ifndef UNIX_PATH_MAX
# define UNIX_PATH_MAX 108
#endif
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif
@ -1027,8 +1022,9 @@ SETDEFAULTS_FUNC(mod_scgi_set_defaults) {
if (!buffer_is_empty(df->unixsocket)) {
/* unix domain socket */
struct sockaddr_un un;
if (df->unixsocket->used > UNIX_PATH_MAX - 2) {
if (df->unixsocket->used > sizeof(un.sun_path) - 2) {
log_error_write(srv, __FILE__, __LINE__, "s",
"path of the unixdomain socket is too large");
return HANDLER_ERROR;

8
src/spawn-fcgi.c

@ -25,10 +25,6 @@
#define FCGI_LISTENSOCK_FILENO 0
#ifndef UNIX_PATH_MAX
# define UNIX_PATH_MAX 108
#endif
#include "sys-socket.h"
#ifdef HAVE_SYS_WAIT_H
@ -273,6 +269,8 @@ int main(int argc, char **argv) {
int i_am_root, o;
int pid_fd = -1;
int nofork = 0;
struct sockaddr_un un;
const size_t sun_path_len = sizeof(un.sun_path);
i_am_root = (getuid() == 0);
@ -309,7 +307,7 @@ int main(int argc, char **argv) {
return -1;
}
if (unixsocket && strlen(unixsocket) > UNIX_PATH_MAX - 1) {
if (unixsocket && strlen(unixsocket) > sun_path_len - 1) {
fprintf(stderr, "%s.%d: %s\n",
__FILE__, __LINE__,
"path of the unix socket is too long\n");

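Review bot: `struct sockaddr_un un;` is added to main() and, as far as the hunk shows, exists only so that `sizeof(un.sun_path)` can be taken. `const size_t sun_path_len = sizeof(((struct sockaddr_un *)0)->sun_path);` gives the same value without a dummy object. The test `strlen(unixsocket) > sun_path_len - 1` protects the later copy only if that copy writes into a `sun_path` of the same struct type, and the copy is not part of this hunk (main() continues outside it). A one-line comment beside the check naming the function that performs the copy would keep the check and the copy from drifting apart.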