authorKyle J. McKay <mackyle@gmail.com>2015-12-04 20:22:42 +0000
committerStefan Bühler <stbuehler@web.de>2015-12-04 20:22:42 +0000
commitb0ecb4d44b87510ee3eb1305bc47ede0816e6d71 (patch)
tree1c83dbfe2ffeb8aa3b407ce51d05fd83035dd720
parentab05eb7cec9772f0b9ca5337a32f705199abc0e7 (diff)
[mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691)
When a sockaddr_un, sockaddr_in or sockaddr_in6 structure is allocated on the stack or heap, it may contain random byte values. The "unused" and "reserved" parts must be zeroed, otherwise unexpected failures may occur. The simplest way to do this and be compatible with various platforms' struct layouts is just to memset them to 0. Signed-off-by: Kyle J. McKay <mackyle@gmail.com> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3059 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r--NEWS1
-rw-r--r--src/mod_fastcgi.c8
-rw-r--r--src/mod_scgi.c8
3 files changed, 9 insertions, 8 deletions
diff --git a/NEWS b/NEWS
index 7b113ac2..9486efc4 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ NEWS
* [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
* [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
* [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
+ * [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691, thx Kyle J. McKay)
- 1.4.37 - 2015-08-30
* [mod_proxy] remove debug log line from error log (fixes #2659)
diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c
index 63405ee0..0c3620e1 100644
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@@ -859,9 +859,8 @@ static int fcgi_spawn_connection(server *srv,
}
if (!buffer_string_is_empty(proc->unixsocket)) {
- memset(&fcgi_addr, 0, sizeof(fcgi_addr));
-
#ifdef HAVE_SYS_UN_H
+ memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
fcgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
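Review bot: The added `memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));` has no comment saying why the whole structure is cleared, so the reason lives only in the commit message. A one-line comment above it, such as `/* clear unused/reserved fields too; uninitialized bytes there can cause unexpected failures (#2691) */`, would keep a later cleanup from dropping the call as redundant with the field assignments that follow. The same applies to the other added memsets in fcgi_establish_connection and in scgi_spawn_connection and scgi_establish_connection in mod_scgi.c. fcgi_spawn_connection starts and ends outside this hunk.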
@@ -889,6 +888,7 @@ static int fcgi_spawn_connection(server *srv,
return -1;
#endif
} else {
+ memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
fcgi_addr_in.sin_family = AF_INET;
if (buffer_string_is_empty(host->host)) {
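Review bot: Only `fcgi_addr_in` is zeroed in this else branch, although the commit message also lists sockaddr_in6, and none of the visible hunks in either file touches an IPv6 structure. If any path outside these hunks fills a `struct sockaddr_in6`, it needs the same call before the family is set, along the lines of `memset(&addr6, 0, sizeof(addr6));` (`addr6` is a placeholder; no such variable is visible here). A search for `sockaddr_in6` in both modules would confirm whether anything was missed. The branch continues past the end of the hunk.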
@@ -1660,11 +1660,10 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h
fcgi_proc *proc = hctx->proc;
int fcgi_fd = hctx->fd;
- memset(&fcgi_addr, 0, sizeof(fcgi_addr));
-
if (!buffer_string_is_empty(proc->unixsocket)) {
#ifdef HAVE_SYS_UN_H
/* use the unix domain socket */
+ memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
fcgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@@ -1691,6 +1690,7 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h
return CONNECTION_DEAD;
#endif
} else {
+ memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
fcgi_addr_in.sin_family = AF_INET;
if (!buffer_string_is_empty(host->host)) {
if (0 == inet_aton(host->host->ptr, &(fcgi_addr_in.sin_addr))) {
diff --git a/src/mod_scgi.c b/src/mod_scgi.c
index 4c629a76..bd2dbb67 100644
--- a/src/mod_scgi.c
+++ b/src/mod_scgi.c
@@ -666,9 +666,8 @@ static int scgi_spawn_connection(server *srv,
}
if (!buffer_string_is_empty(proc->socket)) {
- memset(&scgi_addr, 0, sizeof(scgi_addr));
-
#ifdef HAVE_SYS_UN_H
+ memset(&scgi_addr_un, 0, sizeof(scgi_addr_un));
scgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->socket) + 1 > sizeof(scgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@@ -692,6 +691,7 @@ static int scgi_spawn_connection(server *srv,
return -1;
#endif
} else {
+ memset(&scgi_addr_in, 0, sizeof(scgi_addr_in));
scgi_addr_in.sin_family = AF_INET;
if (buffer_string_is_empty(host->host)) {
@@ -1339,11 +1339,10 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) {
scgi_proc *proc = hctx->proc;
int scgi_fd = hctx->fd;
- memset(&scgi_addr, 0, sizeof(scgi_addr));
-
if (!buffer_string_is_empty(proc->socket)) {
#ifdef HAVE_SYS_UN_H
/* use the unix domain socket */
+ memset(&scgi_addr_un, 0, sizeof(scgi_addr_un));
scgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->socket) + 1 > sizeof(scgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@@ -1364,6 +1363,7 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) {
return -1;
#endif
} else {
+ memset(&scgi_addr_in, 0, sizeof(scgi_addr_in));
scgi_addr_in.sin_family = AF_INET;
if (0 == inet_aton(host->host->ptr, &(scgi_addr_in.sin_addr))) {
log_error_write(srv, __FILE__, __LINE__, "sbs",
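Review bot: `inet_aton(host->host->ptr, ...)` is reached here without the `buffer_string_is_empty(host->host)` test that guards the same call in mod_fastcgi.c's fcgi_establish_connection. If an empty host can get this far (the configuration checks are not visible in this hunk), the pointer handed to inet_aton may be NULL. Guarding the call as mod_fastcgi does, `if (!buffer_string_is_empty(host->host)) { ... }`, would make the two modules consistent; since the struct is now zeroed, the empty case would then leave sin_addr at 0.0.0.0 and should set an explicit address. scgi_establish_connection continues outside the hunk.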