gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 01/02: MHD_add_connection(): added more checks for corre

From: gnunet
Subject: [libmicrohttpd] 01/02: MHD_add_connection(): added more checks for correct members of sockaddr
Date: Fri, 17 Nov 2023 05:53:39 +0100 
This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 050c641bde6a829f4d009f475c1d25562dda45ad
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Nov 16 17:05:32 2023 +0300

    MHD_add_connection(): added more checks for correct members of sockaddr
---
 src/microhttpd/daemon.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 5cca4797..f7e5d0f3 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -3599,6 +3599,19 @@ MHD_add_connection (struct MHD_Daemon *daemon,
 #endif /* HAVE_MESSAGES */
         return MHD_NO;
       }
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+      if ((0 != addr->sa_len) &&
+          (sizeof(struct sockaddr_in) > (size_t) addr->sa_len) )
+      {
+#ifdef HAVE_MESSAGES
+        MHD_DLOG (daemon,
+                  _ ("MHD_add_connection() has been called with " \
+                     "non-zero value of 'sa_len' member of " \
+                     "'struct sockaddr' which does not match 'sa_family'.\n"));
+#endif /* HAVE_MESSAGES */
+        return MHD_NO;
+      }
+#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
     }
 #ifdef HAVE_INET6
     if (AF_INET6 == addr->sa_family)
@@ -3612,7 +3625,25 @@ MHD_add_connection (struct MHD_Daemon *daemon,
 #endif /* HAVE_MESSAGES */
         return MHD_NO;
       }
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+      if ((0 != addr->sa_len) &&
+          (sizeof(struct sockaddr_in6) > (size_t) addr->sa_len) )
+      {
+#ifdef HAVE_MESSAGES
+        MHD_DLOG (daemon,
+                  _ ("MHD_add_connection() has been called with " \
+                     "non-zero value of 'sa_len' member of " \
+                     "'struct sockaddr' which does not match 'sa_family'.\n"));
+#endif /* HAVE_MESSAGES */
+        return MHD_NO;
+      }
+#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
     }
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+    if ((0 != addr->sa_len) &&
+        (addrlen > addr->sa_len))
+      addrlen = (socklen_t) addr->sa_len;   /* Use safest value */
+#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
 #endif /* HAVE_INET6 */
   }
 

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]