[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 01/02: MHD_add_connection(): added more checks for corre
From: |
gnunet |
Subject: |
[libmicrohttpd] 01/02: MHD_add_connection(): added more checks for correct members of sockaddr |
Date: |
Fri, 17 Nov 2023 05:53:39 +0100 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 050c641bde6a829f4d009f475c1d25562dda45ad
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Nov 16 17:05:32 2023 +0300
MHD_add_connection(): added more checks for correct members of sockaddr
---
src/microhttpd/daemon.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 5cca4797..f7e5d0f3 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -3599,6 +3599,19 @@ MHD_add_connection (struct MHD_Daemon *daemon,
#endif /* HAVE_MESSAGES */
return MHD_NO;
}
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+ if ((0 != addr->sa_len) &&
+ (sizeof(struct sockaddr_in) > (size_t) addr->sa_len) )
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("MHD_add_connection() has been called with " \
+ "non-zero value of 'sa_len' member of " \
+ "'struct sockaddr' which does not match 'sa_family'.\n"));
+#endif /* HAVE_MESSAGES */
+ return MHD_NO;
+ }
+#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
}
#ifdef HAVE_INET6
if (AF_INET6 == addr->sa_family)
@@ -3612,7 +3625,25 @@ MHD_add_connection (struct MHD_Daemon *daemon,
#endif /* HAVE_MESSAGES */
return MHD_NO;
}
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+ if ((0 != addr->sa_len) &&
+ (sizeof(struct sockaddr_in6) > (size_t) addr->sa_len) )
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("MHD_add_connection() has been called with " \
+ "non-zero value of 'sa_len' member of " \
+ "'struct sockaddr' which does not match 'sa_family'.\n"));
+#endif /* HAVE_MESSAGES */
+ return MHD_NO;
+ }
+#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
}
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+ if ((0 != addr->sa_len) &&
+ (addrlen > addr->sa_len))
+ addrlen = (socklen_t) addr->sa_len; /* Use safest value */
+#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
#endif /* HAVE_INET6 */
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.