Events: fixed handling zero-length client address.
On Linux recvmsg() syscall may return a zero-length client address when receiving a datagram from an unbound unix datagram socket. It is usually assumed that socket address has at least the sa_family member. Zero-length socket address caused buffer over-read in functions which receive socket address, for example ngx_sock_ntop(). Typically the over-read resulted in unexpected socket family followed by session close. Now a fake socket address is allocated instead of a zero-length client address.
This commit is contained in:
parent
434b9d68ec
commit
a7a34f2019
|
@ -448,6 +448,18 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
c->socklen = sizeof(ngx_sockaddr_t);
|
||||
}
|
||||
|
||||
if (c->socklen == 0) {
|
||||
|
||||
/*
|
||||
* on Linux recvmsg() returns zero msg_namelen
|
||||
* when receiving packets from unbound AF_UNIX sockets
|
||||
*/
|
||||
|
||||
c->socklen = sizeof(struct sockaddr);
|
||||
ngx_memzero(&sa, sizeof(struct sockaddr));
|
||||
sa.sockaddr.sa_family = ls->sockaddr->sa_family;
|
||||
}
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
(void) ngx_atomic_fetch_add(ngx_stat_active, 1);
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue