Bug #2691

[PATCH] zero sockaddr structures before use in mod_*cgi

Added by mackyle over 3 years ago. Updated over 3 years ago.

Status: Fixed
Priority: Normal
Assignee:
Category: mod_fastcgi
Target version:
Start date: 2015-12-03
Due date:
% Done: 100%
Estimated time:
Missing in 1.5.x: Yes

Description

When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zeroed otherwise
unexpected failures may occur. The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

The current version of the code is just zeroing the pointer
to the struct but not the struct itself which is not helpful.

This problem affects both mod_fastcgi and mod_scgi.

Patch file attached.

See also http://repo.or.cz/lighttpd/svnmirror/patches.git/commitdiff/37649f23
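
The difference between zeroing the pointer and zeroing the struct, as an added example (not lighttpd code and not part of the attached patch). The function names, the 0xAA fill standing in for stale memory, and the choice of sin6_flowinfo and sin6_scope_id as the fields the caller never sets are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define STALE 0xAA /* constructed stand-in for leftover stack/heap bytes */

/* Pattern the report describes: memset hits the pointer variable, so the
 * struct it later points at keeps whatever bytes were already there. */
static void fill_buggy(void *storage, uint16_t port)
{
    struct sockaddr_in6 *addr;
    memset(&addr, 0, sizeof(addr)); /* zeroes the pointer only */
    addr = storage;
    addr->sin6_family = AF_INET6;
    addr->sin6_port = htons(port);
    addr->sin6_addr = in6addr_loopback;
}

/* Fixed pattern: zero the whole struct first, then set the fields in use. */
static void fill_fixed(void *storage, uint16_t port)
{
    struct sockaddr_in6 *addr = storage;
    memset(addr, 0, sizeof(*addr)); /* zeroes the struct itself */
    addr->sin6_family = AF_INET6;
    addr->sin6_port = htons(port);
    addr->sin6_addr = in6addr_loopback;
}

/* Returns 1 when the fields the caller never assigned are zero, 0 when
 * they still hold stale bytes that connect()/bind() would interpret. */
static int unset_fields_clean(int use_fixed)
{
    struct sockaddr_in6 storage;
    memset(&storage, STALE, sizeof(storage)); /* simulate dirty memory */
    if (use_fixed)
        fill_fixed(&storage, 9000);
    else
        fill_buggy(&storage, 9000);
    return storage.sin6_flowinfo == 0 && storage.sin6_scope_id == 0;
}

int main(void)
{
    printf("pointer zeroed: clean=%d\n", unset_fields_clean(0));
    printf("struct zeroed:  clean=%d\n", unset_fields_clean(1));
    return 0;
}
```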

Associated revisions

Revision 3059 (diff)
Added by stbuehler over 3 years ago

[mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691)

When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zeroed otherwise
unexpected failures may occur. The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

Signed-off-by: Kyle J. McKay <>

Revision b0ecb4d4 (diff)
Added by mackyle over 3 years ago

[mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691)

When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zeroed otherwise
unexpected failures may occur. The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

Signed-off-by: Kyle J. McKay <>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3059 152afb58-edef-0310-8abb-c4023f1b3aa9

History

#1

Updated by stbuehler over 3 years ago

  • Target version changed from 1.4.x to 1.4.38

Sounds good.

#2

Updated by stbuehler over 3 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r3059.
