From 41d8ea8c8d268555d3cbd8dd2ab32dcc06658209 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Wed, 4 Oct 2017 21:19:42 +0300 Subject: Fixed handling of unix sockets in $binary_remote_addr. Previously, unix sockets were treated as AF_INET ones, and this may result in buffer overread on Linux, where unbound unix sockets have 2-byte addresses. Note that it is not correct to use just sun_path as a binary representation for unix sockets. This will result in an empty string for unbound unix sockets, and thus behaviour of limit_req and limit_conn will change when switching from $remote_addr to $binary_remote_addr. As such, normal text representation is used. Reported by Stephan Dollberg. --- src/http/ngx_http_variables.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/http') diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c index afeb4ce65..ab82177ca 100644 --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -1240,6 +1240,18 @@ ngx_http_variable_binary_remote_addr(ngx_http_request_t *r, break; #endif +#if (NGX_HAVE_UNIX_DOMAIN) + case AF_UNIX: + + v->len = r->connection->addr_text.len; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = r->connection->addr_text.data; + + break; +#endif + default: /* AF_INET */ sin = (struct sockaddr_in *) r->connection->sockaddr; -- cgit