mirror of
https://repo.or.cz/socat.git
synced 2024-12-23 07:52:32 +00:00
fixed a bug where socat might crash when connecting to a unix domain socket using address GOPEN
This commit is contained in:
parent
364edd63df
commit
51d9b5d76a
3 changed files with 64 additions and 2 deletions
4
CHANGES
4
CHANGES
|
@ -30,6 +30,10 @@ corrections:
|
||||||
endian systems due to wrong byte order (thanks to Peter M. Galbavy for
|
endian systems due to wrong byte order (thanks to Peter M. Galbavy for
|
||||||
bug report and patch)
|
bug report and patch)
|
||||||
|
|
||||||
|
fixed a bug where socat might crash when connecting to a unix domain
|
||||||
|
socket using address GOPEN. Thanks to Martin Forssen for bug report and
|
||||||
|
patch.
|
||||||
|
|
||||||
docu mentions option so-bindtodev but correct name is so-bindtodevice.
|
docu mentions option so-bindtodev but correct name is so-bindtodevice.
|
||||||
Thanks to Jim Zimmerman for reporting.
|
Thanks to Jim Zimmerman for reporting.
|
||||||
|
|
||||||
|
|
58
test.sh
58
test.sh
|
@ -10697,6 +10697,64 @@ PORT=$((PORT+1))
|
||||||
N=$((N+1))
|
N=$((N+1))
|
||||||
|
|
||||||
|
|
||||||
|
# test for a bug in gopen that lead to crash or warning when opening a unix
|
||||||
|
# domain socket with GOPEN
|
||||||
|
NAME=GOPEN_UNIX_CRASH
|
||||||
|
case "$TESTS" in
|
||||||
|
*%functions%*|*%bugs%*|*%gopen%*|*%unix%*|*%socket%*|*%$NAME%*)
|
||||||
|
TEST="$NAME: check crash when connecting to a unix domain socket using address GOPEN"
|
||||||
|
# a unix domain server is started in background. the check process connects to
|
||||||
|
# its socket. when this process crashes or issues a warning the bug is present.
|
||||||
|
# please note that a clean behaviour does not proof anything; behaviour of bug
|
||||||
|
# depends on the value of an uninitialized var
|
||||||
|
#set -vx
|
||||||
|
if ! eval $NUMCOND; then :; else
|
||||||
|
tf="$td/test$N.stdout"
|
||||||
|
te="$td/test$N.stderr"
|
||||||
|
ts="$td/test$N.sock"
|
||||||
|
tdiff="$td/test$N.diff"
|
||||||
|
da="test$N $(date) $RANDOM"
|
||||||
|
CMD0="$SOCAT $opts UNIX-LISTEN:$ts PIPE"
|
||||||
|
CMD1="$SOCAT $opts -d - GOPEN:$ts"
|
||||||
|
printf "test $F_n $TEST... " $N
|
||||||
|
$CMD0 >/dev/null 2>"${te}0" </dev/null &
|
||||||
|
pid0=$!
|
||||||
|
waitunixport "$ts" 1
|
||||||
|
echo "$da" |$CMD1 >"${tf}1" 2>"${te}1"
|
||||||
|
rc1=$?
|
||||||
|
kill $pid0 2>/dev/null; wait
|
||||||
|
if [ $rc1 -ne 0 ]; then
|
||||||
|
$PRINTF "$FAILED\n"
|
||||||
|
echo "$CMD0 &"
|
||||||
|
echo "$CMD1"
|
||||||
|
cat "${te}0"
|
||||||
|
cat "${te}1"
|
||||||
|
numFAIL=$((numFAIL+1))
|
||||||
|
elif grep -q ' W ' "${te}1"; then
|
||||||
|
$PRINTF "$FAILED\n"
|
||||||
|
echo "$CMD0 &"
|
||||||
|
echo "$CMD1"
|
||||||
|
cat "${te}0"
|
||||||
|
cat "${te}1"
|
||||||
|
numFAIL=$((numFAIL+1))
|
||||||
|
elif ! echo "$da" |diff - ${tf}1 >"$tdiff"; then
|
||||||
|
$PRINTF "$FAILED\n"
|
||||||
|
echo "$CMD0 &"
|
||||||
|
echo "$CMD1"
|
||||||
|
cat "${te}0"
|
||||||
|
cat "${te}1"
|
||||||
|
cat "$tdiff"
|
||||||
|
numFAIL=$((numFAIL+1))
|
||||||
|
else
|
||||||
|
$PRINTF "$OK\n"
|
||||||
|
numOK=$((numOK+1))
|
||||||
|
fi
|
||||||
|
fi # NUMCOND
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
N=$((N+1))
|
||||||
|
|
||||||
|
|
||||||
# socat up to 1.7.2.0 and 2.0.0-b4 had a bug in xioscan_readline() that could
|
# socat up to 1.7.2.0 and 2.0.0-b4 had a bug in xioscan_readline() that could
|
||||||
# be exploited
|
# be exploited
|
||||||
# to overflow a heap based buffer (socat security advisory 3)
|
# to overflow a heap based buffer (socat security advisory 3)
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/* source: xio-gopen.c */
|
/* source: xio-gopen.c */
|
||||||
/* Copyright Gerhard Rieger 2001-2008 */
|
/* Copyright Gerhard Rieger 2001-2012 */
|
||||||
/* Published under the GNU General Public License V.2, see file COPYING */
|
/* Published under the GNU General Public License V.2, see file COPYING */
|
||||||
|
|
||||||
/* this file contains the source for opening addresses of generic open type */
|
/* this file contains the source for opening addresses of generic open type */
|
||||||
|
@ -53,7 +53,7 @@ static int xioopen_gopen1(int argc, const char *argv[], struct opt *opts, int xi
|
||||||
if (exists && S_ISSOCK(st_mode)) {
|
if (exists && S_ISSOCK(st_mode)) {
|
||||||
#if WITH_UNIX
|
#if WITH_UNIX
|
||||||
union sockaddr_union us;
|
union sockaddr_union us;
|
||||||
socklen_t uslen;
|
socklen_t uslen = sizeof(us);
|
||||||
char infobuff[256];
|
char infobuff[256];
|
||||||
|
|
||||||
Info1("\"%s\" is a socket, connecting to it", filename);
|
Info1("\"%s\" is a socket, connecting to it", filename);
|
||||||
|
|
Loading…
Reference in a new issue