dovecot-2.0: Make sure no data is leaked across processes via st...
dovecot at dovecot.org
dovecot at dovecot.org
Mon Sep 20 20:19:57 EEST 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/e403f4dc95ea
changeset: 12138:e403f4dc95ea
user: Timo Sirainen <tss at iki.fi>
date: Mon Sep 20 18:19:53 2010 +0100
description:
Make sure no data is leaked across processes via struct ip_addr fields.
diffstat:
src/lib/network.c | 13 ++++++++++---
1 files changed, 10 insertions(+), 3 deletions(-)
diffs (44 lines):
diff -r 16330c0c8ef4 -r e403f4dc95ea src/lib/network.c
--- a/src/lib/network.c Mon Sep 20 17:50:29 2010 +0100
+++ b/src/lib/network.c Mon Sep 20 18:19:53 2010 +0100
@@ -99,6 +99,10 @@
static inline void
sin_get_ip(const union sockaddr_union *so, struct ip_addr *ip)
{
+ /* IP structs may be sent across processes. Clear the whole struct
+ first to make sure it won't leak any data across processes. */
+ memset(ip, 0, sizeof(*ip));
+
ip->family = so->sin.sin_family;
#ifdef HAVE_IPV6
@@ -505,7 +509,8 @@
return -2;
}
if (so.sin.sin_family == AF_UNIX) {
- if (addr != NULL) addr->family = 0;
+ if (addr != NULL)
+ memset(addr, 0, sizeof(*addr));
if (port != NULL) *port = 0;
} else {
if (addr != NULL) sin_get_ip(&so, addr);
@@ -634,7 +639,8 @@
if (getsockname(fd, &so.sa, &addrlen) == -1)
return -1;
if (so.sin.sin_family == AF_UNIX) {
- if (addr != NULL) addr->family = 0;
+ if (addr != NULL)
+ memset(addr, 0, sizeof(*addr));
if (port != NULL) *port = 0;
} else {
if (addr != NULL) sin_get_ip(&so, addr);
@@ -654,7 +660,8 @@
if (getpeername(fd, &so.sa, &addrlen) == -1)
return -1;
if (so.sin.sin_family == AF_UNIX) {
- if (addr != NULL) addr->family = 0;
+ if (addr != NULL)
+ memset(addr, 0, sizeof(*addr));
if (port != NULL) *port = 0;
} else {
if (addr != NULL) sin_get_ip(&so, addr);
More information about the dovecot-cvs
mailing list