[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 02/15: Added check for hypothetical too large accepted s
From: |
gnunet |
Subject: |
[libmicrohttpd] 02/15: Added check for hypothetical too large accepted sockets addresses |
Date: |
Fri, 28 Oct 2022 11:21:51 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit cf6f91bd6ef6d1cd6e430e7ccaa898e67739d20d
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Fri Oct 14 13:59:55 2022 +0300
Added check for hypothetical too large accepted sockets addresses
Also added warning (instead of rejection) for zero-length addresses.
---
src/microhttpd/daemon.c | 85 +++++++++++++++++++++++++++++++++++--------------
1 file changed, 61 insertions(+), 24 deletions(-)
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index c5aa3d9d..60aa2471 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -3656,6 +3656,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
bool sk_nonbl;
bool sk_spipe_supprs;
bool sk_cloexec;
+ enum MHD_tristate sk_non_ip;
#ifdef MHD_USE_THREADS
mhd_assert ( (0 == (daemon->options & MHD_USE_INTERNAL_POLLING_THREAD)) || \
@@ -3675,37 +3676,48 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
addrstorage.ss_len = addrlen;
#endif /* HAVE_STRUCT_SOCKADDR_STORAGE_SS_LEN */
+ /* Initialise with default values to avoid compiler warnings */
+ sk_nonbl = false;
+ sk_spipe_supprs = false;
+ sk_cloexec = false;
+
#ifdef USE_ACCEPT4
- s = accept4 (fd,
- (struct sockaddr *) &addrstorage,
- &addrlen,
- SOCK_CLOEXEC_OR_ZERO | SOCK_NONBLOCK_OR_ZERO
- | SOCK_NOSIGPIPE_OR_ZERO);
- sk_nonbl = (SOCK_NONBLOCK_OR_ZERO != 0);
+ if (MHD_INVALID_SOCKET !=
+ (s = accept4 (fd,
+ (struct sockaddr *) &addrstorage,
+ &addrlen,
+ SOCK_CLOEXEC_OR_ZERO | SOCK_NONBLOCK_OR_ZERO
+ | SOCK_NOSIGPIPE_OR_ZERO)))
+ {
+ sk_nonbl = (SOCK_NONBLOCK_OR_ZERO != 0);
#ifndef MHD_WINSOCK_SOCKETS
- sk_spipe_supprs = (SOCK_NOSIGPIPE_OR_ZERO != 0);
+ sk_spipe_supprs = (SOCK_NOSIGPIPE_OR_ZERO != 0);
#else /* MHD_WINSOCK_SOCKETS */
- sk_spipe_supprs = true; /* Nothing to suppress on W32 */
+ sk_spipe_supprs = true; /* Nothing to suppress on W32 */
#endif /* MHD_WINSOCK_SOCKETS */
- sk_cloexec = (SOCK_CLOEXEC_OR_ZERO != 0);
+ sk_cloexec = (SOCK_CLOEXEC_OR_ZERO != 0);
+ }
#else /* ! USE_ACCEPT4 */
- s = accept (fd,
- (struct sockaddr *) &addrstorage,
- &addrlen);
+ if (MHD_INVALID_SOCKET !=
+ (s = accept (fd,
+ (struct sockaddr *) &addrstorage,
+ &addrlen)))
+ {
#ifdef MHD_ACCEPT_INHERIT_NONBLOCK
- sk_nonbl = daemon->listen_nonblk;
+ sk_nonbl = daemon->listen_nonblk;
#else /* ! MHD_ACCEPT_INHERIT_NONBLOCK */
- sk_nonbl = false;
+ sk_nonbl = false;
#endif /* ! MHD_ACCEPT_INHERIT_NONBLOCK */
#ifndef MHD_WINSOCK_SOCKETS
- sk_spipe_supprs = false;
+ sk_spipe_supprs = false;
#else /* MHD_WINSOCK_SOCKETS */
- sk_spipe_supprs = true; /* Nothing to suppress on W32 */
+ sk_spipe_supprs = true; /* Nothing to suppress on W32 */
#endif /* MHD_WINSOCK_SOCKETS */
- sk_cloexec = false;
+ sk_cloexec = false;
+ }
#endif /* ! USE_ACCEPT4 */
- if ( (MHD_INVALID_SOCKET == s) ||
- (addrlen <= 0) )
+
+ if (MHD_INVALID_SOCKET == s)
{
const int err = MHD_socket_get_error_ ();
@@ -3721,10 +3733,6 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
_ ("Error accepting connection: %s\n"),
MHD_socket_strerr_ (err));
#endif
- if (MHD_INVALID_SOCKET != s)
- {
- MHD_socket_close_chk_ (s);
- }
if (MHD_SCKT_ERR_IS_LOW_RESOURCES_ (err) )
{
/* system/process out of resources */
@@ -3762,6 +3770,35 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
return MHD_NO;
}
+ sk_non_ip = daemon->listen_is_unix;
+ if (0 >= addrlen)
+ {
+ /* Should not happen as 'sockaddr_storage' must be large enough to
+ * store any address supported by the system. */
+#ifdef HAVE_MESSAGES
+ if (_MHD_NO != daemon->listen_is_unix)
+ MHD_DLOG (daemon,
+ _ ("Accepted socket has zero-length address. "
+ "Processing the new socket as a socket with " \
+ "unknown type.\n"));
+#endif
+ addrlen = 0;
+ sk_non_ip = _MHD_YES; /* IP-type addresses have non-zero length */
+ }
+ if (((socklen_t) sizeof (addrstorage)) < addrlen)
+ {
+ /* Should not happen as 'sockaddr_storage' must be large enough to
+ * store any address supported by the system. */
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("Accepted socket address is larger than expected by " \
+ "system headers. Processing the new socket as a socket with "
\
+ "unknown type.\n"));
+#endif
+ addrlen = 0;
+ sk_non_ip = _MHD_YES; /* IP-type addresses must fit */
+ }
+
if (! sk_nonbl && ! MHD_socket_nonblocking_ (s))
{
#ifdef HAVE_MESSAGES
@@ -3825,7 +3862,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
false,
sk_nonbl,
sk_spipe_supprs,
- daemon->listen_is_unix);
+ sk_non_ip);
return MHD_YES;
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (5e0c2223 -> 9f4a08a8), gnunet, 2022/10/28
- [libmicrohttpd] 03/15: New values for MHD_ConnectionEventLoopInfo, gnunet, 2022/10/28
- [libmicrohttpd] 12/15: test_head: added check for excess data in reply, gnunet, 2022/10/28
- [libmicrohttpd] 04/15: Added new state for MHD_ConnectionEventLoopInfo, gnunet, 2022/10/28
- [libmicrohttpd] 14/15: postprocessor.h: fixed typos in doxy, gnunet, 2022/10/28
- [libmicrohttpd] 11/15: testcurl: added test with Content-Length broken value in request, gnunet, 2022/10/28
- [libmicrohttpd] 08/15: Do not send "100 Continue" if part of the request body is already received, gnunet, 2022/10/28
- [libmicrohttpd] 01/15: Added ability to check for MHD debug builds at run-time, gnunet, 2022/10/28
- [libmicrohttpd] 02/15: Added check for hypothetical too large accepted sockets addresses,
gnunet <=
- [libmicrohttpd] 13/15: test_head: check libcurl for timeout value, gnunet, 2022/10/28
- [libmicrohttpd] 06/15: Renamed one more connection state for clarity, gnunet, 2022/10/28
- [libmicrohttpd] 05/15: Renamed one state in MHD_ConnectionEventLoopInfo for clarity, gnunet, 2022/10/28
- [libmicrohttpd] 10/15: connection.c: fixed handling of various errors automatically detected by MHD code, gnunet, 2022/10/28
- [libmicrohttpd] 09/15: Reworked partial processing of the upload, gnunet, 2022/10/28
- [libmicrohttpd] 15/15: microhttpd.h: doxy improvements, gnunet, 2022/10/28
- [libmicrohttpd] 07/15: Do not send "100 Continue" if request does not have a body, gnunet, 2022/10/28