IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fixed handling of unix sockets in $binary_remote_addr.

Browse Source 
Previously, unix sockets were treated as AF_INET ones, and this may
result in buffer overread on Linux, where unbound unix sockets have
2-byte addresses.

Note that it is not correct to use just sun_path as a binary representation
for unix sockets.  This will result in an empty string for unbound unix
sockets, and thus behaviour of limit_req and limit_conn will change when
switching from $remote_addr to $binary_remote_addr.  As such, normal text
representation is used.

Reported by Stephan Dollberg.
This commit is contained in:
Maxim Dounin 2017-10-04 21:19:42 +03:00
parent cba23f88ec
commit 41d8ea8c8d
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/http/ngx_http_variables.c
View File

@ -1240,6 +1240,18 @@ ngx_http_variable_binary_remote_addr(ngx_http_request_t *r,
break; break;
#endif #endif
#if (NGX_HAVE_UNIX_DOMAIN)
case AF_UNIX:
v->len = r->connection->addr_text.len;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
v->data = r->connection->addr_text.data;
break;
#endif
default: /* AF_INET */ default: /* AF_INET */
sin = (struct sockaddr_in *) r->connection->sockaddr; sin = (struct sockaddr_in *) r->connection->sockaddr;

12
src/stream/ngx_stream_variables.c
View File

@ -481,6 +481,18 @@ ngx_stream_variable_binary_remote_addr(ngx_stream_session_t *s,
break; break;
#endif #endif
#if (NGX_HAVE_UNIX_DOMAIN)
case AF_UNIX:
v->len = s->connection->addr_text.len;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
v->data = s->connection->addr_text.data;
break;
#endif
default: /* AF_INET */ default: /* AF_INET */
sin = (struct sockaddr_in *) s->connection->sockaddr; sin = (struct sockaddr_in *) s->connection->sockaddr;