Project

General

Profile

Actions
Copy link

Bug #2691

closed

[PATCH] zero sockaddr structures before use in mod_*cgi

Added by mackyle over 8 years ago. Updated over 8 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_fastcgi
Target version:
1.4.38
ASK QUESTIONS IN Forums:

Description

When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zerod otherwise
unexpected failures may occur. The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

The current version of the code is just zeroing the pointer
to the struct but not the struct itself which is not helpful.

This problem affects both mod_fastcgi and mod_scgi.

Patch file attached.

See also http://repo.or.cz/lighttpd/svnmirror/patches.git/commitdiff/37649f23

Files

0005-zero-sockaddr-structs-before-use_patch.txt (3.94 KB) 0005-zero-sockaddr-structs-before-use_patch.txt mackyle, 2015-12-03 22:46
Actions
Copy link
 #1

Updated by stbuehler over 8 years ago

  • Target version changed from 1.4.x to 1.4.38

Sounds good.

Actions
Copy link
 #2

Updated by stbuehler over 8 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r3059.

Actions
Copy link

Also available in: Atom