Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Received-SPF: pass (athena.apache.org: local policy)
Message-ID: <539A0DEA.9090302@wanadoo.fr>
Date: Thu, 12 Jun 2014 22:30:34 +0200
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: svn commit: r1598946 - in /httpd/httpd/trunk: CHANGES
 modules/proxy/mod_proxy_fdpass.c
References: <20140601065416.2BC112388980@eris.apache.org>
 <CAKQ1sVPOokLgZ55zChNSk=CTuBGMBG-8oT9xBT1K_ADrWHmv+w@mail.gmail.com>
In-Reply-To: 
 <CAKQ1sVPOokLgZ55zChNSk=CTuBGMBG-8oT9xBT1K_ADrWHmv+w@mail.gmail.com>
Content-Type: multipart/alternative;
 boundary="------------090205030702040105040907"

This is a multi-part message in MIME format.
--------------090205030702040105040907
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Le 10/06/2014 18:19, Yann Ylavic a écrit :
> On Sun, Jun 1, 2014 at 8:54 AM,  <jailletc36@apache.org> wrote:
>> Author: jailletc36
>> Date: Sun Jun  1 06:54:15 2014
>> New Revision: 1598946
>>
>> URL: http://svn.apache.org/r1598946
>> Log:
>> Fix computation of the size of 'struct sockaddr_un' when passed to 'connec()'.
> s/connec()/connect()/
Thx Fixed in r1598946


>
>> Use the same logic as the one in ' in 'proxy_util.c'.
>>
>> Modified:
>>      httpd/httpd/trunk/CHANGES
>>      httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c
>>
> [...]
>> Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c?rev=1598946&r1=1598945&r2=1598946&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c (original)
>> +++ httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c Sun Jun  1 06:54:15 2014
>> @@ -55,6 +55,7 @@ static int proxy_fdpass_canon(request_re
>>   }
>>
>>   /* TODO: In APR 2.x: Extend apr_sockaddr_t to possibly be a path !!! */
>> +/* XXX: The same function exists in proxy_util.c */
> Shouldn't there be ap_proxy_socket_connect_un() then?

I didn't take time to do it but it was clearly what I had in mind with 
this note.
Should I resubmit?

>
>>   static apr_status_t socket_connect_un(apr_socket_t *sock,
>>                                         struct sockaddr_un *sa)
>>   {
>> @@ -73,8 +74,9 @@ static apr_status_t socket_connect_un(ap
>>       }
>>
>>       do {
>> -        rv = connect(rawsock, (struct sockaddr*)sa,
>> -                               sizeof(*sa) + strlen(sa->sun_path));
>> +        const socklen_t addrlen = APR_OFFSETOF(struct sockaddr_un, sun_path)
>> +                                  + strlen(sa->sun_path) + 1;
> Do we need +1 here?
>
> It seems that cgid_init() and apr_generate_random_bytes() (when
> HAVE_EGD) don't, whereas apr_sockaddr_info_get() and
> apr_sockaddr_vars_set() use (the faulty) sizeof(struct sockaddr_un).
>
> Most examples I have found don't include the '\0' (so isn't the
> SUN_LEN macro, which maybe you should use here).
> According to man UNIX(7) though, the +1 seems to be included by
> getsockname(), getpeername(), and accept() in their *addrlen output.
>
> Looks like connect() is not trusting the given length, and finds the
> '\0' by itself...
I didn't look at APR code and missed cgid with my grep.

Just as you, I didn't manage to find some consistent information about it.
     - 
http://pubs.opengroup.org/onlinepubs/9699919799/functions/connect.html 
suggests that the size of the whole structure should be used 
(i.e./address_len:///Specifies the length of the *sockaddr* structure 
pointed to by the /address/ argument.)
     - most examples I found don't add the +1 for the last '\0'
     - some examples have this +1 (and this sound logical to me)
     - SUN_LEN does not seem to be that used

One of the best post I've found is:
http://stackoverflow.com/questions/2307511/proper-length-of-an-af-unix-socket-when-calling-bind

In mod_proxy_fdpass and in proxy_util, this is safe because sun_path is 
filled with apr_cpystrn.
So, leaving the +1 looks safe to me as we will go beyond sizeof(struct 
sockaddr_un).


Any one else has an opinion?

CJ


--------------090205030702040105040907
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Le 10/06/2014 18:19, Yann Ylavic a
      écrit :<br>
    </div>
    <blockquote
cite="mid:CAKQ1sVPOokLgZ55zChNSk=CTuBGMBG-8oT9xBT1K_ADrWHmv+w@mail.gmail.com"
      type="cite">
      <pre wrap="">On Sun, Jun 1, 2014 at 8:54 AM,  <a class="moz-txt-link-rfc2396E" href="mailto:jailletc36@apache.org">&lt;jailletc36@apache.org&gt;</a> wrote:
</pre>
      <blockquote type="cite">
        <pre wrap="">Author: jailletc36
Date: Sun Jun  1 06:54:15 2014
New Revision: 1598946

URL: <a class="moz-txt-link-freetext" href="http://svn.apache.org/r1598946">http://svn.apache.org/r1598946</a>
Log:
Fix computation of the size of 'struct sockaddr_un' when passed to 'connec()'.
</pre>
      </blockquote>
      <pre wrap="">
s/connec()/connect()/</pre>
    </blockquote>
    Thx Fixed in r1598946<br>
    <br>
    <br>
    <blockquote
cite="mid:CAKQ1sVPOokLgZ55zChNSk=CTuBGMBG-8oT9xBT1K_ADrWHmv+w@mail.gmail.com"
      type="cite"><br>
      <blockquote type="cite">
        <pre wrap="">Use the same logic as the one in ' in 'proxy_util.c'.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c

</pre>
      </blockquote>
      <pre wrap="">[...]
</pre>
      <blockquote type="cite">
        <pre wrap="">Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c
URL: <a class="moz-txt-link-freetext" href="http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c?rev=1598946&amp;r1=1598945&amp;r2=1598946&amp;view=diff">http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c?rev=1598946&amp;r1=1598945&amp;r2=1598946&amp;view=diff</a>
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_fdpass.c Sun Jun  1 06:54:15 2014
@@ -55,6 +55,7 @@ static int proxy_fdpass_canon(request_re
 }

 /* TODO: In APR 2.x: Extend apr_sockaddr_t to possibly be a path !!! */
+/* XXX: The same function exists in proxy_util.c */
</pre>
      </blockquote>
      <pre wrap="">
Shouldn't there be ap_proxy_socket_connect_un() then?</pre>
    </blockquote>
    <br>
    I didn't take time to do it but it was clearly what I had in mind
    with this note.<br>
    Should I resubmit?<br>
    <br>
    <blockquote
cite="mid:CAKQ1sVPOokLgZ55zChNSk=CTuBGMBG-8oT9xBT1K_ADrWHmv+w@mail.gmail.com"
      type="cite"><br>
      <blockquote type="cite">
        <pre wrap=""> static apr_status_t socket_connect_un(apr_socket_t *sock,
                                       struct sockaddr_un *sa)
 {
@@ -73,8 +74,9 @@ static apr_status_t socket_connect_un(ap
     }

     do {
-        rv = connect(rawsock, (struct sockaddr*)sa,
-                               sizeof(*sa) + strlen(sa-&gt;sun_path));
+        const socklen_t addrlen = APR_OFFSETOF(struct sockaddr_un, sun_path)
+                                  + strlen(sa-&gt;sun_path) + 1;
</pre>
      </blockquote>
      <pre wrap="">
Do we need +1 here?

It seems that cgid_init() and apr_generate_random_bytes() (when
HAVE_EGD) don't, whereas apr_sockaddr_info_get() and
apr_sockaddr_vars_set() use (the faulty) sizeof(struct sockaddr_un).

Most examples I have found don't include the '\0' (so isn't the
SUN_LEN macro, which maybe you should use here).
According to man UNIX(7) though, the +1 seems to be included by
getsockname(), getpeername(), and accept() in their *addrlen output.

Looks like connect() is not trusting the given length, and finds the
'\0' by itself...
</pre>
    </blockquote>
    I didn't look at APR code and missed cgid with my grep.<br>
    <br>
    Just as you, I didn't manage to find some consistent information
    about it. <br>
        -
    <a class="moz-txt-link-freetext" href="http://pubs.opengroup.org/onlinepubs/9699919799/functions/connect.html">http://pubs.opengroup.org/onlinepubs/9699919799/functions/connect.html</a>
    suggests that the size of the whole structure should be used (i.e.<i>address_len:</i><i>
    </i>Specifies the length of the <b>sockaddr</b> structure pointed
    to by the <i>address</i> argument.)<br>
        - most examples I found don't add the +1 for the last '\0'<br>
        - some examples have this +1 (and this sound logical to me)<br>
        - SUN_LEN does not seem to be that used<br>
    <br>
    One of the best post I've found is:<br>
      
<a class="moz-txt-link-freetext" href="http://stackoverflow.com/questions/2307511/proper-length-of-an-af-unix-socket-when-calling-bind">http://stackoverflow.com/questions/2307511/proper-length-of-an-af-unix-socket-when-calling-bind</a><br>
    <br>
    In mod_proxy_fdpass and in proxy_util, this is safe because sun_path
    is filled with apr_cpystrn.<br>
    So, leaving the +1 looks safe to me as we will go beyond
    sizeof(struct sockaddr_un).<br>
    <br>
    <br>
    Any one else has an opinion?<br>
    <br>
    CJ<br>
    <br>
  </body>
</html>

--------------090205030702040105040907--