
Bug #2691 » 0005-zero-sockaddr-structs-before-use_patch.txt

mackyle, 2015-12-03 22:46

 
From 37649f237ef5e89223b06c43f77fdce728f4de0e Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Thu, 3 Dec 2015 11:20:33 -0800
Subject: [PATCH] zero sockaddr structs before use

When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zeroed, otherwise
unexpected failures may occur. The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
---
src/mod_fastcgi.c | 8 ++++----
src/mod_scgi.c | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c
index 63405ee0..0c3620e1 100644
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@@ -859,9 +859,8 @@ static int fcgi_spawn_connection(server *srv,
}
if (!buffer_string_is_empty(proc->unixsocket)) {
- memset(&fcgi_addr, 0, sizeof(fcgi_addr));
-
#ifdef HAVE_SYS_UN_H
+ memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
fcgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
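Review bot: The added `memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));` has no comment saying why it is needed, so a later cleanup could mistake it for redundant initialisation and remove it. A one-line comment above it would keep the reason from the commit message next to the code, e.g. `/* zero the whole struct: unused/reserved bytes must not carry stale stack or heap data into the socket API */`. The same applies to the other seven added memset lines: the `fcgi_addr_in` branch of this function, both branches of fcgi_establish_connection, and the four in mod_scgi.c. fcgi_spawn_connection starts and ends outside this hunk.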
@@ -889,6 +888,7 @@ static int fcgi_spawn_connection(server *srv,
return -1;
#endif
} else {
+ memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
fcgi_addr_in.sin_family = AF_INET;
if (buffer_string_is_empty(host->host)) {
@@ -1660,11 +1660,10 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h
fcgi_proc *proc = hctx->proc;
int fcgi_fd = hctx->fd;
- memset(&fcgi_addr, 0, sizeof(fcgi_addr));
-
if (!buffer_string_is_empty(proc->unixsocket)) {
#ifdef HAVE_SYS_UN_H
/* use the unix domain socket */
+ memset(&fcgi_addr_un, 0, sizeof(fcgi_addr_un));
fcgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->unixsocket) + 1 > sizeof(fcgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@@ -1691,6 +1690,7 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h
return CONNECTION_DEAD;
#endif
} else {
+ memset(&fcgi_addr_in, 0, sizeof(fcgi_addr_in));
fcgi_addr_in.sin_family = AF_INET;
if (!buffer_string_is_empty(host->host)) {
if (0 == inet_aton(host->host->ptr, &(fcgi_addr_in.sin_addr))) {
diff --git a/src/mod_scgi.c b/src/mod_scgi.c
index 4c629a76..bd2dbb67 100644
--- a/src/mod_scgi.c
+++ b/src/mod_scgi.c
@@ -666,9 +666,8 @@ static int scgi_spawn_connection(server *srv,
}
if (!buffer_string_is_empty(proc->socket)) {
- memset(&scgi_addr, 0, sizeof(scgi_addr));
-
#ifdef HAVE_SYS_UN_H
+ memset(&scgi_addr_un, 0, sizeof(scgi_addr_un));
scgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->socket) + 1 > sizeof(scgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@@ -692,6 +691,7 @@ static int scgi_spawn_connection(server *srv,
return -1;
#endif
} else {
+ memset(&scgi_addr_in, 0, sizeof(scgi_addr_in));
scgi_addr_in.sin_family = AF_INET;
if (buffer_string_is_empty(host->host)) {
@@ -1339,11 +1339,10 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) {
scgi_proc *proc = hctx->proc;
int scgi_fd = hctx->fd;
- memset(&scgi_addr, 0, sizeof(scgi_addr));
-
if (!buffer_string_is_empty(proc->socket)) {
#ifdef HAVE_SYS_UN_H
/* use the unix domain socket */
+ memset(&scgi_addr_un, 0, sizeof(scgi_addr_un));
scgi_addr_un.sun_family = AF_UNIX;
if (buffer_string_length(proc->socket) + 1 > sizeof(scgi_addr_un.sun_path)) {
log_error_write(srv, __FILE__, __LINE__, "sB",
@@ -1364,6 +1363,7 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) {
return -1;
#endif
} else {
+ memset(&scgi_addr_in, 0, sizeof(scgi_addr_in));
scgi_addr_in.sin_family = AF_INET;
if (0 == inet_aton(host->host->ptr, &(scgi_addr_in.sin_addr))) {
log_error_write(srv, __FILE__, __LINE__, "sbs",
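Review bot: In the `else` branch of scgi_establish_connection, `inet_aton(host->host->ptr, &(scgi_addr_in.sin_addr))` is reached with no emptiness check visible in this hunk. The matching branch of fcgi_establish_connection in mod_fastcgi.c wraps the call in `if (!buffer_string_is_empty(host->host))`. If nothing earlier in the function or in config validation already guarantees a non-empty host here, an explicit guard before the call would avoid passing an unset pointer to inet_aton, e.g. `if (buffer_string_is_empty(host->host)) return -1;`. The function body starts and continues outside this hunk, so this needs checking against the full source.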
--
2.4.10
