* [Tarantool-patches] [PATCH] app: verify unix socket path length in socket.tcp_server()
@ 2020-02-21 12:32 Chris Sosnin
2020-02-22 16:28 ` Vladislav Shpilevoy
2020-02-24 18:18 ` Kirill Yukhin
0 siblings, 2 replies; 5+ messages in thread
From: Chris Sosnin @ 2020-02-21 12:32 UTC (permalink / raw)
To: tarantool-patches, v.shpilevoy
Providing socket pathname longer than UNIX_PATH_MAX to socket.tcp_server()
will not cause any error, lbox_socket_local_resolve will just truncate the
name according to the limit, causing bad behavior (tarantool will try to
access a socket, which doesn't exist). Thus, let's verify, that pathname
can fit into buffer.
Closes #4634
---
branch: https://github.com/tarantool/tarantool/tree/ksosnin/gh-4634-verify-socket-path-length
issue: https://github.com/tarantool/tarantool/issues/4634
The issue itself already contains the fix, I just added the test and
dropped the following comment from the code:
+ /*
+ * sun_path doesn't have to be null-terminated on
+ * Linux, but we ensure it is so for maximum
+ * portability.
+ */
According to unix(7):
Pathname sockets
When binding a socket to a pathname, a few rules should be observed
for maximum portability and ease of coding:
* The pathname in sun_path should be null-terminated.
So such comment (at least for me) would rather be confusing.
src/lua/socket.c | 3 ++-
test/app/socket.result | 8 ++++++++
test/app/socket.test.lua | 4 ++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/lua/socket.c b/src/lua/socket.c
index 130378caf..e75a8802e 100644
--- a/src/lua/socket.c
+++ b/src/lua/socket.c
@@ -403,7 +403,8 @@ lbox_socket_local_resolve(const char *host, const char *port,
{
if (strcmp(host, "unix/") == 0) {
struct sockaddr_un *uaddr = (struct sockaddr_un *) addr;
- if (*socklen < sizeof(*uaddr)) {
+ if (*socklen < sizeof(*uaddr) ||
+ strlen(port) >= sizeof(uaddr->sun_path)) {
errno = ENOBUFS;
return -1;
}
diff --git a/test/app/socket.result b/test/app/socket.result
index 9829df138..f47d06935 100644
--- a/test/app/socket.result
+++ b/test/app/socket.result
@@ -1614,6 +1614,14 @@ socket.getaddrinfo('host', 'port', { flags = 'WRONG' }) == nil and errno() == er
---
- true
...
+-- gh-4634: verify socket path length in socket.tcp_server.
+long_port = string.rep('a', 110)
+---
+...
+socket.tcp_server('unix/', long_port, function(s) end) == errno.ENOBUF
+---
+- true
+...
-- gh-574: check that fiber with getaddrinfo can be safely cancelled
test_run:cmd("setopt delimiter ';'")
---
diff --git a/test/app/socket.test.lua b/test/app/socket.test.lua
index af926c35b..e303d3743 100644
--- a/test/app/socket.test.lua
+++ b/test/app/socket.test.lua
@@ -531,6 +531,10 @@ socket.getaddrinfo('host', 'port', { family = 'WRONG' }) == nil and errno() == e
socket.getaddrinfo('host', 'port', { protocol = 'WRONG' }) == nil and errno() == errno.EPROTOTYPE
socket.getaddrinfo('host', 'port', { flags = 'WRONG' }) == nil and errno() == errno.EINVAL
+-- gh-4634: verify socket path length in socket.tcp_server.
+long_port = string.rep('a', 110)
+socket.tcp_server('unix/', long_port, function(s) end) == errno.ENOBUF
+
-- gh-574: check that fiber with getaddrinfo can be safely cancelled
test_run:cmd("setopt delimiter ';'")
f = fiber.create(function()
--
2.21.1 (Apple Git-122.3)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Tarantool-patches] [PATCH] app: verify unix socket path length in socket.tcp_server()
2020-02-21 12:32 [Tarantool-patches] [PATCH] app: verify unix socket path length in socket.tcp_server() Chris Sosnin
@ 2020-02-22 16:28 ` Vladislav Shpilevoy
2020-02-22 16:43 ` Chris Sosnin
2020-02-24 18:18 ` Kirill Yukhin
1 sibling, 1 reply; 5+ messages in thread
From: Vladislav Shpilevoy @ 2020-02-22 16:28 UTC (permalink / raw)
To: Chris Sosnin, tarantool-patches
Hi! Thanks for the patch!
> diff --git a/test/app/socket.result b/test/app/socket.result
> index 9829df138..f47d06935 100644
> --- a/test/app/socket.result
> +++ b/test/app/socket.result
> @@ -1614,6 +1614,14 @@ socket.getaddrinfo('host', 'port', { flags = 'WRONG' }) == nil and errno() == er
> ---
> - true
> ...
> +-- gh-4634: verify socket path length in socket.tcp_server.
> +long_port = string.rep('a', 110)
> +---
> +...
> +socket.tcp_server('unix/', long_port, function(s) end) == errno.ENOBUF
Both function result and errno.ENOBUF are nil. No wonder they are equal.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Tarantool-patches] [PATCH] app: verify unix socket path length in socket.tcp_server()
2020-02-22 16:28 ` Vladislav Shpilevoy
@ 2020-02-22 16:43 ` Chris Sosnin
2020-02-23 14:58 ` Vladislav Shpilevoy
0 siblings, 1 reply; 5+ messages in thread
From: Chris Sosnin @ 2020-02-22 16:43 UTC (permalink / raw)
To: Vladislav Shpilevoy, tarantool-patches
Hi! Thank you for the review!
> 22 февр. 2020 г., в 19:28, Vladislav Shpilevoy <v.shpilevoy@tarantool.org> написал(а):
>
> Hi! Thanks for the patch!
>
>> diff --git a/test/app/socket.result b/test/app/socket.result
>> index 9829df138..f47d06935 100644
>> --- a/test/app/socket.result
>> +++ b/test/app/socket.result
>> @@ -1614,6 +1614,14 @@ socket.getaddrinfo('host', 'port', { flags = 'WRONG' }) == nil and errno() == er
>> ---
>> - true
>> ...
>> +-- gh-4634: verify socket path length in socket.tcp_server.
>> +long_port = string.rep('a', 110)
>> +---
>> +...
>> +socket.tcp_server('unix/', long_port, function(s) end) == errno.ENOBUF
>
> Both function result and errno.ENOBUF are nil. No wonder they are equal.
I’m sorry, I was very careless. The fix is pushed:
+-- gh-4634: verify socket path length in socket.tcp_server.
+long_port = string.rep('a', 110)
+socket.tcp_server('unix/', long_port, function(s) end) == nil and errno() == errno.ENOBUFS
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Tarantool-patches] [PATCH] app: verify unix socket path length in socket.tcp_server()
2020-02-22 16:43 ` Chris Sosnin
@ 2020-02-23 14:58 ` Vladislav Shpilevoy
0 siblings, 0 replies; 5+ messages in thread
From: Vladislav Shpilevoy @ 2020-02-23 14:58 UTC (permalink / raw)
To: Chris Sosnin, tarantool-patches
LGTM.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Tarantool-patches] [PATCH] app: verify unix socket path length in socket.tcp_server()
2020-02-21 12:32 [Tarantool-patches] [PATCH] app: verify unix socket path length in socket.tcp_server() Chris Sosnin
2020-02-22 16:28 ` Vladislav Shpilevoy
@ 2020-02-24 18:18 ` Kirill Yukhin
1 sibling, 0 replies; 5+ messages in thread
From: Kirill Yukhin @ 2020-02-24 18:18 UTC (permalink / raw)
To: Chris Sosnin; +Cc: tarantool-patches, v.shpilevoy
Hello,
On 21 фев 15:32, Chris Sosnin wrote:
> Providing socket pathname longer than UNIX_PATH_MAX to socket.tcp_server()
> will not cause any error, lbox_socket_local_resolve will just truncate the
> name according to the limit, causing bad behavior (tarantool will try to
> access a socket, which doesn't exist). Thus, let's verify, that pathname
> can fit into buffer.
>
> Closes #4634
> ---
> branch: https://github.com/tarantool/tarantool/tree/ksosnin/gh-4634-verify-socket-path-length
> issue: https://github.com/tarantool/tarantool/issues/4634
I've checked your patch into 2.3 and master.
--
Regards, Kirill Yukhin
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-02-24 18:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-21 12:32 [Tarantool-patches] [PATCH] app: verify unix socket path length in socket.tcp_server() Chris Sosnin
2020-02-22 16:28 ` Vladislav Shpilevoy
2020-02-22 16:43 ` Chris Sosnin
2020-02-23 14:58 ` Vladislav Shpilevoy
2020-02-24 18:18 ` Kirill Yukhin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox