From: Alexander Turenko <alexander.turenko@tarantool.org> To: Vladimir Davydov <vdavydov.dev@gmail.com> Cc: Alexander Turenko <alexander.turenko@tarantool.org>, tarantool-patches@freelists.org, Yaroslav Dynnikov <yaroslav.dynnikov@tarantool.org> Subject: [PATCH 3/3] socket: prevent recvfrom from returning garbage Date: Fri, 24 Aug 2018 05:47:39 +0300 [thread overview] Message-ID: <0c53f7379963bb5fb61c97e08d782357bd82f562.1535076888.git.alexander.turenko@tarantool.org> (raw) In-Reply-To: <cover.1535076888.git.alexander.turenko@tarantool.org> In-Reply-To: <cover.1535076888.git.alexander.turenko@tarantool.org> In C recvfrom function sets addrlen parameter to zero when called on TCP socket (at least on Linux). The src_addr parameter can contain garbage in the case, so we should not dereference it. Before this commit socket:recvfrom() can return 'from' table with only family field (don't sure why, but addr->sa_family often contain PF_INET value in my case) or return nil depending on the garbage at the address. Now it always return nil. --- src/lua/socket.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lua/socket.c b/src/lua/socket.c index c716979f4..c9ed7cfdd 100644 --- a/src/lua/socket.c +++ b/src/lua/socket.c @@ -680,6 +680,11 @@ static int lbox_socket_push_addr(struct lua_State *L, const struct sockaddr *addr, socklen_t alen) { + if (alen == 0) { + lua_pushnil(L); + return 1; + } + lua_newtable(L); lua_pushliteral(L, "family"); -- 2.17.1
next prev parent reply other threads:[~2018-08-24 2:47 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-08-24 2:47 [PATCH 0/3] *** [#3619] socket.recvfrom crops UDP packets *** Alexander Turenko 2018-08-24 2:47 ` [PATCH 1/3] socket: evaluate buffer size in recv / recvfrom Alexander Turenko 2018-08-24 14:07 ` Vladimir Davydov 2018-08-24 15:25 ` Vladimir Davydov 2018-08-27 0:08 ` Alexander Turenko 2018-08-27 9:20 ` Vladimir Davydov 2018-08-27 9:26 ` Alexander Turenko 2018-08-24 2:47 ` [PATCH 2/3] socket: don't truncate a datagram in recv/recvfrom Alexander Turenko 2018-08-24 15:24 ` Vladimir Davydov 2018-08-24 2:47 ` Alexander Turenko [this message] 2018-08-24 13:07 ` [PATCH 3/3] socket: prevent recvfrom from returning garbage Vladimir Davydov 2018-08-24 13:44 ` Alexander Turenko 2018-08-24 13:55 ` Vladimir Davydov 2018-08-24 17:11 ` Vladimir Davydov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=0c53f7379963bb5fb61c97e08d782357bd82f562.1535076888.git.alexander.turenko@tarantool.org \ --to=alexander.turenko@tarantool.org \ --cc=tarantool-patches@freelists.org \ --cc=vdavydov.dev@gmail.com \ --cc=yaroslav.dynnikov@tarantool.org \ --subject='Re: [PATCH 3/3] socket: prevent recvfrom from returning garbage' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox