]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f1dd517)
Make sure no data is leaked across processes via struct ip_addr fields.
authorTimo Sirainen <tss@iki.fi>
Mon, 20 Sep 2010 17:19:53 +0000 (18:19 +0100)
committerTimo Sirainen <tss@iki.fi>
Mon, 20 Sep 2010 17:19:53 +0000 (18:19 +0100)
src/lib/network.c patch | blob | blame | history

diff --git a/src/lib/network.c b/src/lib/network.c
index 64ed3f6622b85b0d814008fa71fa41d2e13bb570..8f010b9f0b317b797493da282e05664117692d23 100644 (file)
--- a/src/lib/network.c
+++ b/src/lib/network.c
@@ -99,6 +99,10 @@ sin_set_ip(union sockaddr_union *so, const struct ip_addr *ip)
 static inline void
 sin_get_ip(const union sockaddr_union *so, struct ip_addr *ip)
 {
+       /* IP structs may be sent across processes. Clear the whole struct
+          first to make sure it won't leak any data across processes. */
+       memset(ip, 0, sizeof(*ip));
+
        ip->family = so->sin.sin_family;
 
 #ifdef HAVE_IPV6
@@ -505,7 +509,8 @@ int net_accept(int fd, struct ip_addr *addr, unsigned int *port)
                        return -2;
        }
        if (so.sin.sin_family == AF_UNIX) {
-               if (addr != NULL) addr->family = 0;
+               if (addr != NULL)
+                       memset(addr, 0, sizeof(*addr));
                if (port != NULL) *port = 0;
        } else {
                if (addr != NULL) sin_get_ip(&so, addr);
@@ -634,7 +639,8 @@ int net_getsockname(int fd, struct ip_addr *addr, unsigned int *port)
        if (getsockname(fd, &so.sa, &addrlen) == -1)
                return -1;
        if (so.sin.sin_family == AF_UNIX) {
-               if (addr != NULL) addr->family = 0;
+               if (addr != NULL)
+                       memset(addr, 0, sizeof(*addr));
                if (port != NULL) *port = 0;
        } else {
                if (addr != NULL) sin_get_ip(&so, addr);
@@ -654,7 +660,8 @@ int net_getpeername(int fd, struct ip_addr *addr, unsigned int *port)
        if (getpeername(fd, &so.sa, &addrlen) == -1)
                return -1;
        if (so.sin.sin_family == AF_UNIX) {
-               if (addr != NULL) addr->family = 0;
+               if (addr != NULL)
+                       memset(addr, 0, sizeof(*addr));
                if (port != NULL) *port = 0;
        } else {
                if (addr != NULL) sin_get_ip(&so, addr);
Mirror of https://github.com/dovecot/core.git