mod_proxy_fdpass.c

Yann Ylavic Thu, 12 Jun 2014 16:10:23 -0700

On Fri, Jun 13, 2014 at 12:32 AM, Yann Ylavic <ylavic....@gmail.com> wrote:
> The most important imho is to not truncate the length at sizeof(struct
> sockaddr_un) when the real sun_path is beyond sizeof(sun_path).
> The libc calls are probably bullet proof regarding NUL termination
> (eg. force ((char*)sun)[addrlen] = 0 and recompute the length like in
> the linux code from your link above), setting the NUL ourself at the
> good place seems reasonable though ;)


Hence I think the correct behaviour is in mod_cgid, and something like
the following patch should be applied :

Index: modules/proxy/mod_proxy_fdpass.c
===================================================================
--- modules/proxy/mod_proxy_fdpass.c    (revision 1602309)
+++ modules/proxy/mod_proxy_fdpass.c    (working copy)
@@ -103,7 +103,8 @@ static apr_status_t get_socket_from_path(apr_pool_
                                          const char* path,
                                          apr_socket_t **out_sock)
 {
-    struct sockaddr_un sa;
+    struct sockaddr_un *sa;
+    apr_socklen_t salen, len;
     apr_socket_t *s;
     apr_status_t rv;
     *out_sock = NULL;
@@ -114,10 +115,14 @@ static apr_status_t get_socket_from_path(apr_pool_
         return rv;
     }

-    sa.sun_family = AF_UNIX;
-    apr_cpystrn(sa.sun_path, path, sizeof(sa.sun_path));
+    len = strlen(path);
+    salen = APR_OFFSETOF(struct sockaddr_un, sun_path) + len;
+    sa = (struct sockaddr_un *)apr_palloc(p, salen + 1);
+    sa->sun_family = AF_UNIX;
+    memcpy(sa->sun_path, path, len);
+    sa->sun_path[len] = '\0';

-    rv = socket_connect_un(s, &sa);
+    rv = socket_connect_un(s, sa);
     if (rv != APR_SUCCESS) {
         return rv;
     }
Index: modules/proxy/proxy_util.c
===================================================================
--- modules/proxy/proxy_util.c    (revision 1602309)
+++ modules/proxy/proxy_util.c    (working copy)
@@ -2623,7 +2623,8 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const
 #if APR_HAVE_SYS_UN_H
         if (conn->uds_path)
         {
-            struct sockaddr_un sa;
+            struct sockaddr_un *sa;
+            apr_socklen_t salen, len;

             rv = apr_socket_create(&newsock, AF_UNIX, SOCK_STREAM, 0,
                                    conn->scpool);
@@ -2638,10 +2639,14 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const
             }
             conn->connection = NULL;

-            sa.sun_family = AF_UNIX;
-            apr_cpystrn(sa.sun_path, conn->uds_path, sizeof(sa.sun_path));
+            len = strlen(conn->uds_path);
+            salen = APR_OFFSETOF(struct sockaddr_un, sun_path) + len;
+            sa = (struct sockaddr_un *)apr_palloc(conn->scpool, salen + 1);
+            sa->sun_family = AF_UNIX;
+            memcpy(sa->sun_path, conn->uds_path, len);
+            sa->sun_path[len] = '\0';

-            rv = socket_connect_un(newsock, &sa);
+            rv = socket_connect_un(newsock, sa);
             if (rv != APR_SUCCESS) {
                 apr_socket_close(newsock);
                 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(02454)
[EOS]

Re: svn commit: r1598946 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_fdpass.c

Reply via email to