        if (memcmp(addr.sin6_addr.s6_addr, p->remote_addr.sin6_addr.s6_addr,
                   sizeof(*p->remote_addr.sin6_addr.s6_addr)) == 0) {
            cnt++;
        }
    }
    if (cnt >= nsjconf->max_conns_per_ip) {
        LOG_W("Rejecting connection from '%s', max_conns_per_ip limit reached: %u", cs_addr,
              nsjconf->max_conns_per_ip);
        return false;
    }
There is a redundant dereference operator in the sizeof(...) of memcmp, so it would only compare the first byte of the address and reject new connections too aggressively.
The relevant structures:
struct sockaddr_in6 {
    sa_family_t     sin6_family;   /* AF_INET6 */
    in_port_t       sin6_port;     /* port number */
    uint32_t        sin6_flowinfo; /* IPv6 flow information */
    struct in6_addr sin6_addr;     /* IPv6 address */
    uint32_t        sin6_scope_id; /* Scope ID (new in 2.4) */
};

struct in6_addr {
    unsigned char   s6_addr[16];   /* IPv6 address */
};
ShikChen changed the title: The limit max_conns_per_ip is broken (Nov 4, 2017)
nsjail/net.c, lines 165 to 178 in e2529ce
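The comparison from the issue, isolated as an added example (not nsjail's code and not written by the reporter): it counts matching peers with the reported `sizeof(*...)` form and with `sizeof` applied to the whole `s6_addr` array. The names `same_ip_buggy`, `same_ip_fixed`, `count_matches` and the `PEERS` addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef bool (*same_ip_fn)(const struct sockaddr_in6 *, const struct sockaddr_in6 *);

/* Form reported in the issue: s6_addr is unsigned char[16], so *s6_addr is one
 * unsigned char and the length passed to memcmp is 1. Only byte 0 is compared. */
static bool same_ip_buggy(const struct sockaddr_in6 *a, const struct sockaddr_in6 *b) {
    return memcmp(a->sin6_addr.s6_addr, b->sin6_addr.s6_addr,
                  sizeof(*a->sin6_addr.s6_addr)) == 0;
}

/* Corrected form: sizeof the array itself, so all 16 address bytes are compared. */
static bool same_ip_fixed(const struct sockaddr_in6 *a, const struct sockaddr_in6 *b) {
    return memcmp(a->sin6_addr.s6_addr, b->sin6_addr.s6_addr,
                  sizeof(a->sin6_addr.s6_addr)) == 0;
}

/* Hypothetical stand-in for the per-IP counting loop: how many existing peers
 * are treated as "the same IP" as the newly connecting address. */
static unsigned count_matches(const char *addr, const char *const peers[], size_t n,
                              same_ip_fn same) {
    struct sockaddr_in6 a = {0}, p = {0};
    unsigned cnt = 0;
    if (inet_pton(AF_INET6, addr, &a.sin6_addr) != 1) return 0;
    for (size_t i = 0; i < n; i++) {
        if (inet_pton(AF_INET6, peers[i], &p.sin6_addr) == 1 && same(&a, &p)) cnt++;
    }
    return cnt;
}

/* Constructed sample peers from the IPv6 documentation range; every one of
 * them starts with byte 0x20, as does the new client below. */
static const char *const PEERS[] = {"2001:db8::1", "2001:db8::2", "2001:db8:ffff::3"};

int main(void) {
    /* A client that has no existing connection at all. */
    printf("buggy count: %u\n", count_matches("2001:db8::99", PEERS, 3, same_ip_buggy));
    printf("fixed count: %u\n", count_matches("2001:db8::99", PEERS, 3, same_ip_fixed));
    return 0;
}
```

With the one-byte comparison, every peer that shares a first address byte counts against the new client's limit, which is the over-aggressive rejection the issue describes.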