tengine Memory corruption in ngx_http_upstream_dynamic_module

y3bcpkx1 于 23天前发布在其他

关注(0)|答案(2)|浏览(32)

The memory allocated in
tengine/modules/ngx_http_upstream_dynamic_module/ngx_http_upstream_dynamic_module.c

Line 249 in 9ecbaff

| | sin=ngx_pcalloc(r->pool, sizeof(structsockaddr_in)); |

may be too small for data size pc->socklen :

tengine/modules/ngx_http_upstream_dynamic_module/ngx_http_upstream_dynamic_module.c

Line 256 in 9ecbaff

| | ngx_memcpy(sin, pc->sockaddr, pc->socklen); |

A quick check is needed, somthing like:

if (pc->socklen > sizeof(struct sockaddr_in)) { 
  sin = ngx_pcalloc(r->pool, pc->socklen); 
} else {
  sin = ngx_pcalloc(r->pool, sizeof(struct sockaddr_in)); 
}

tengine

来源：https://github.com/alibaba/tengine/issues/1240

2条答案

按热度按时间

7z5jn7bk1#

@franciszek-koltuniuk-red thanks for your report. may be problems in the IPv6 scenario，BTW it does not support IPv6 and welcome the contribution of PR.

赞(0）回复(0）举报 23天前

nhaq1z212#

@franciszek-koltuniuk-red you can try it #1301 .

赞(0）回复(0）举报 23天前