Hello!

On Wed, Sep 20, 2017 at 04:21:22PM +0300, Sergey Kandaurov wrote:

> > On 15 Aug 2017, at 13:10, Stephan Dollberg via nginx-devel
> > <[email protected]> wrote:
> >
> > Hi,
> >
> > When using $binary_remote_addr together with unix sockets (without
> > using X-Real-Ip) there is a heap buffer overread of two bytes.
> >
> > The problem is that we only allocate two bytes for c->sockaddr here
> > http://hg.nginx.org/nginx/file/tip/src/event/ngx_event_accept.c#l167
> > but later on assume it to be of size four
> > http://hg.nginx.org/nginx/file/tip/src/http/ngx_http_variables.c#l1246
> >
>
> Thanks, this is a valid report.
> The reason is that UNIX-domain sockets support
> is not implemented for $binary_remote_addr.
> There are actually more issues, we are working on it.

Fixes for this and related issues committed:

http://hg.nginx.org/nginx/rev/fef61d26da39
http://hg.nginx.org/nginx/rev/874171c3c71a
http://hg.nginx.org/nginx/rev/924b6ef942bf

Thanks.

-- 
Maxim Dounin
http://nginx.org/
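
The over-read reported in this thread comes from reading a fixed-size address out of a sockaddr without checking its family and stored length. The following is an added example, not code from nginx or from the commits linked above: a family- and length-checked accessor, exercised on a constructed 2-byte AF_UNIX sockaddr. The names `binary_addr`, `demo_unix_two_bytes`, `demo_inet` and `FAM_END` are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Bytes needed before the family field can be read at all (2 on Linux/BSD). */
#define FAM_END (offsetof(struct sockaddr, sa_family) + sizeof(sa_family_t))

/* Hypothetical helper, not nginx code: sets *out to the packed address and
 * returns its length, or 0 if the family has no fixed binary form or the
 * stored sockaddr (socklen bytes) is too short to contain it. */
size_t binary_addr(const void *sa, socklen_t socklen, const unsigned char **out)
{
    sa_family_t fam;
    *out = NULL;
    if (sa == NULL || (size_t) socklen < FAM_END) return 0;
    memcpy(&fam, (const char *) sa + offsetof(struct sockaddr, sa_family), sizeof fam);
    if (fam == AF_INET && (size_t) socklen >= sizeof(struct sockaddr_in)) {
        *out = (const unsigned char *) sa + offsetof(struct sockaddr_in, sin_addr);
        return sizeof(struct in_addr);   /* 4 bytes */
    }
    if (fam == AF_INET6 && (size_t) socklen >= sizeof(struct sockaddr_in6)) {
        *out = (const unsigned char *) sa + offsetof(struct sockaddr_in6, sin6_addr);
        return sizeof(struct in6_addr);  /* 16 bytes */
    }
    return 0;                            /* AF_UNIX, unknown family, or truncated */
}
/* Constructed case from the report: a 2-byte heap sockaddr holding only AF_UNIX. */
size_t demo_unix_two_bytes(void)
{
    const unsigned char *p;
    sa_family_t fam = AF_UNIX;
    unsigned char *sa = calloc(1, FAM_END);
    if (sa == NULL) return (size_t) -1;
    memcpy(sa + offsetof(struct sockaddr, sa_family), &fam, sizeof fam);
    size_t n = binary_addr(sa, (socklen_t) FAM_END, &p);
    free(sa);
    return n;
}
/* Constructed AF_INET peer 192.0.2.1; socklen is a parameter to test truncation. */
size_t demo_inet(socklen_t socklen)
{
    const unsigned char *p;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(0xC0000201u);
    size_t n = binary_addr(&sin, socklen, &p);
    return (n == 4 && p[0] == 192 && p[3] == 1) ? n : 0;
}
int main(void) { return !(demo_unix_two_bytes() == 0 && demo_inet(sizeof(struct sockaddr_in)) == 4); }
```

Building this with AddressSanitizer (`-fsanitize=address`) confirms that the 2-byte allocation is never read past its end.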
