On Fri, Jun 13, 2014 at 1:20 AM, Yann Ylavic <[email protected]> wrote: > On Fri, Jun 13, 2014 at 1:09 AM, Yann Ylavic <[email protected]> wrote: >> On Fri, Jun 13, 2014 at 12:32 AM, Yann Ylavic <[email protected]> wrote: >>> The most important imho is to not truncate the length at sizeof(struct >>> sockaddr_un) when the real sun_path is beyond sizeof(sun_path). >>> The libc calls are probably bullet proof regarding NUL termination >>> (eg. force ((char*)sun)[addrlen] = 0 and recompute the length like in >>> the linux code from your link above), setting the NUL ourself at the >>> good place seems reasonable though ;) >> >> Hence I think the correct behaviour is in mod_cgid, and something like >> the following patch should be applied : > > This one is better :
Well, finally, how about this one (the full monty, attached)?
ap_proxy_connect_un.patch
Description: application/download
