Tarantool development patches archive
 help / color / mirror / Atom feed
From: Alexander Turenko <alexander.turenko@tarantool.org>
To: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Alexander Turenko <alexander.turenko@tarantool.org>,
	tarantool-patches@freelists.org,
	Yaroslav Dynnikov <yaroslav.dynnikov@tarantool.org>
Subject: [PATCH 3/3] socket: prevent recvfrom from returning garbage
Date: Fri, 24 Aug 2018 05:47:39 +0300	[thread overview]
Message-ID: <0c53f7379963bb5fb61c97e08d782357bd82f562.1535076888.git.alexander.turenko@tarantool.org> (raw)
In-Reply-To: <cover.1535076888.git.alexander.turenko@tarantool.org>
In-Reply-To: <cover.1535076888.git.alexander.turenko@tarantool.org>

In C recvfrom function sets addrlen parameter to zero when called on TCP
socket (at least on Linux). The src_addr parameter can contain garbage
in the case, so we should not dereference it.

Before this commit socket:recvfrom() can return 'from' table with only
family field (don't sure why, but addr->sa_family often contain PF_INET
value in my case) or return nil depending on the garbage at the address.
Now it always return nil.
---
 src/lua/socket.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lua/socket.c b/src/lua/socket.c
index c716979f4..c9ed7cfdd 100644
--- a/src/lua/socket.c
+++ b/src/lua/socket.c
@@ -680,6 +680,11 @@ static int
 lbox_socket_push_addr(struct lua_State *L,
 			 const struct sockaddr *addr, socklen_t alen)
 {
+	if (alen == 0) {
+		lua_pushnil(L);
+		return 1;
+	}
+
 	lua_newtable(L);
 
 	lua_pushliteral(L, "family");
-- 
2.17.1

  parent reply	other threads:[~2018-08-24  2:47 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-24  2:47 [PATCH 0/3] *** [#3619] socket.recvfrom crops UDP packets *** Alexander Turenko
2018-08-24  2:47 ` [PATCH 1/3] socket: evaluate buffer size in recv / recvfrom Alexander Turenko
2018-08-24 14:07   ` Vladimir Davydov
2018-08-24 15:25   ` Vladimir Davydov
2018-08-27  0:08     ` Alexander Turenko
2018-08-27  9:20       ` Vladimir Davydov
2018-08-27  9:26         ` Alexander Turenko
2018-08-24  2:47 ` [PATCH 2/3] socket: don't truncate a datagram in recv/recvfrom Alexander Turenko
2018-08-24 15:24   ` Vladimir Davydov
2018-08-24  2:47 ` Alexander Turenko [this message]
2018-08-24 13:07   ` [PATCH 3/3] socket: prevent recvfrom from returning garbage Vladimir Davydov
2018-08-24 13:44     ` Alexander Turenko
2018-08-24 13:55       ` Vladimir Davydov
2018-08-24 17:11   ` Vladimir Davydov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0c53f7379963bb5fb61c97e08d782357bd82f562.1535076888.git.alexander.turenko@tarantool.org \
    --to=alexander.turenko@tarantool.org \
    --cc=tarantool-patches@freelists.org \
    --cc=vdavydov.dev@gmail.com \
    --cc=yaroslav.dynnikov@tarantool.org \
    --subject='Re: [PATCH 3/3] socket: prevent recvfrom from returning garbage' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox