Welcome! Log In Create A New Profile

Re: Heap buffer overflow (read) when using $binary_remote_addr with unix sockets

Forum List Message List New Topic Print View

Maxim Dounin

October 04, 2017 03:12PM

Hello!

On Wed, Sep 20, 2017 at 04:21:22PM +0300, Sergey Kandaurov wrote:

> > On 15 Aug 2017, at 13:10, Stephan Dollberg via nginx-devel <nginx-devel@nginx.org> wrote:
> >
> > Hi,
> >
> > When using $binary_remote_addr together with unix sockets (without
> > using X-Real-Ip) there is a heap buffer overread of two bytes.
> >
> > The problem is that we only allocate two bytes for c->sockaddr here
> > http://hg.nginx.org/nginx/file/tip/src/event/ngx_event_accept.c#l167
> > but later on assume it to be of size four
> > http://hg.nginx.org/nginx/file/tip/src/http/ngx_http_variables.c#l1246
> >
> >
>
> Thanks, this is a valid report.
> The reason is that UNIX-domain sockets support
> is not implemented for $binary_remote_addr.
> There are actually more issues, we are working on it.

Fixes for this and related issues committed:

http://hg.nginx.org/nginx/rev/fef61d26da39
http://hg.nginx.org/nginx/rev/874171c3c71a
http://hg.nginx.org/nginx/rev/924b6ef942bf

Thanks.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
Heap buffer overflow (read) when using $binary_remote_addr with unix sockets	Stephan Dollberg via nginx-devel	574	August 15, 2017 06:12AM
Re: Heap buffer overflow (read) when using $binary_remote_addr with unix sockets	Sergey Kandaurov	183	September 20, 2017 09:22AM
Re: Heap buffer overflow (read) when using $binary_remote_addr with unix sockets	Maxim Dounin	207	October 04, 2017 03:12PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 112

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018