From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <alexander.turenko@tarantool.org>
From: Alexander Turenko <alexander.turenko@tarantool.org>
Subject: [PATCH 3/3] socket: prevent recvfrom from returning garbage
Date: Fri, 24 Aug 2018 05:47:39 +0300
Message-Id: <0c53f7379963bb5fb61c97e08d782357bd82f562.1535076888.git.alexander.turenko@tarantool.org>
In-Reply-To: <cover.1535076888.git.alexander.turenko@tarantool.org>
References: <cover.1535076888.git.alexander.turenko@tarantool.org>
In-Reply-To: <cover.1535076888.git.alexander.turenko@tarantool.org>
References: <cover.1535076888.git.alexander.turenko@tarantool.org>
To: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Alexander Turenko <alexander.turenko@tarantool.org>, tarantool-patches@freelists.org, Yaroslav Dynnikov <yaroslav.dynnikov@tarantool.org>
List-ID: <tarantool-patches.dev.tarantool.org>

In C recvfrom function sets addrlen parameter to zero when called on TCP
socket (at least on Linux). The src_addr parameter can contain garbage
in the case, so we should not dereference it.

Before this commit socket:recvfrom() can return 'from' table with only
family field (don't sure why, but addr->sa_family often contain PF_INET
value in my case) or return nil depending on the garbage at the address.
Now it always return nil.
---
 src/lua/socket.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lua/socket.c b/src/lua/socket.c
index c716979f4..c9ed7cfdd 100644
--- a/src/lua/socket.c
+++ b/src/lua/socket.c
@@ -680,6 +680,11 @@ static int
 lbox_socket_push_addr(struct lua_State *L,
 			 const struct sockaddr *addr, socklen_t alen)
 {
+	if (alen == 0) {
+		lua_pushnil(L);
+		return 1;
+	}
+
 	lua_newtable(L);
 
 	lua_pushliteral(L, "family");
-- 
2.17.1