From: Alexander Turenko <alexander.turenko@tarantool.org>
To: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Alexander Turenko <alexander.turenko@tarantool.org>,
tarantool-patches@freelists.org,
Yaroslav Dynnikov <yaroslav.dynnikov@tarantool.org>
Subject: [PATCH 3/3] socket: prevent recvfrom from returning garbage
Date: Fri, 24 Aug 2018 05:47:39 +0300 [thread overview]
Message-ID: <0c53f7379963bb5fb61c97e08d782357bd82f562.1535076888.git.alexander.turenko@tarantool.org> (raw)
In-Reply-To: <cover.1535076888.git.alexander.turenko@tarantool.org>
In-Reply-To: <cover.1535076888.git.alexander.turenko@tarantool.org>
In C recvfrom function sets addrlen parameter to zero when called on TCP
socket (at least on Linux). The src_addr parameter can contain garbage
in the case, so we should not dereference it.
Before this commit socket:recvfrom() can return 'from' table with only
family field (don't sure why, but addr->sa_family often contain PF_INET
value in my case) or return nil depending on the garbage at the address.
Now it always return nil.
---
src/lua/socket.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/lua/socket.c b/src/lua/socket.c
index c716979f4..c9ed7cfdd 100644
--- a/src/lua/socket.c
+++ b/src/lua/socket.c
@@ -680,6 +680,11 @@ static int
lbox_socket_push_addr(struct lua_State *L,
const struct sockaddr *addr, socklen_t alen)
{
+ if (alen == 0) {
+ lua_pushnil(L);
+ return 1;
+ }
+
lua_newtable(L);
lua_pushliteral(L, "family");
--
2.17.1
next prev parent reply other threads:[~2018-08-24 2:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-24 2:47 [PATCH 0/3] *** [#3619] socket.recvfrom crops UDP packets *** Alexander Turenko
2018-08-24 2:47 ` [PATCH 1/3] socket: evaluate buffer size in recv / recvfrom Alexander Turenko
2018-08-24 14:07 ` Vladimir Davydov
2018-08-24 15:25 ` Vladimir Davydov
2018-08-27 0:08 ` Alexander Turenko
2018-08-27 9:20 ` Vladimir Davydov
2018-08-27 9:26 ` Alexander Turenko
2018-08-24 2:47 ` [PATCH 2/3] socket: don't truncate a datagram in recv/recvfrom Alexander Turenko
2018-08-24 15:24 ` Vladimir Davydov
2018-08-24 2:47 ` Alexander Turenko [this message]
2018-08-24 13:07 ` [PATCH 3/3] socket: prevent recvfrom from returning garbage Vladimir Davydov
2018-08-24 13:44 ` Alexander Turenko
2018-08-24 13:55 ` Vladimir Davydov
2018-08-24 17:11 ` Vladimir Davydov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0c53f7379963bb5fb61c97e08d782357bd82f562.1535076888.git.alexander.turenko@tarantool.org \
--to=alexander.turenko@tarantool.org \
--cc=tarantool-patches@freelists.org \
--cc=vdavydov.dev@gmail.com \
--cc=yaroslav.dynnikov@tarantool.org \
--subject='Re: [PATCH 3/3] socket: prevent recvfrom from returning garbage' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox