-
-
Notifications
You must be signed in to change notification settings - Fork 30.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing terminated NUL in the length of sockaddr_un #88659
Comments
Changes have been made in this PR, waiting for reviewing. |
Hello and PING. |
sigh.. adding myself to nosy here too in the hope that this gets any traction |
I think I have already provided enough information about this bug. The References:
|
Ping Heimes. This is a huge bug that exists for a very long time, please consider merge it and fix it in the next relesae. |
Antoine, Serhiy, please take a look. You are the last developers that touched the AF_UNIX socket path code. Ty, why are you pinging me on this issue or on the PR? I'm neither familiar with that code nor responsible for it. |
Sorry Heimes. I just don't know who is responsible for this code, which is very very old. |
More about the tests: The error will only shows on BSD systems, for example macOS. Here are some tests done with C and Rust: If both the servers and clients are written in Python, you won't notice this bug because the original code ignored the length of sockaddr_un and use the sun_path as a C string (NUL terminated string). |
Oh, it should also occurs on Linux, I should correct that. |
We have a dedicated team of volunteers that triage incoming tickets. They assign tickets and ping experts. It looks like nobody triaged your submissions because nobody understood it. Your ticket did not contain an explanation and the link now goes to an unrelated line in the code. That is the reason I asked you to provide detailed information on the ticket. We have over 7,000 open tickets and over 1,600 open PRs. Your issue got lost in the noise. |
I am not the socket programming expert. It just happened that I fixed some bugs here. But according to the manpage https://man7.org/linux/man-pages/man7/unix.7.html the address length should include the terminating NUL: offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1. So the fix is correct. |
Bug filing tip for ty/zonyitoo: Describe the problem in the text when filing the bug. Include its consequences and how it is observed in practice. A bug filed just saying "look at this code, this is wrong" does not communicate a need for anyone to spend time on an issue or help others find an existing issue describing misbehavior they may be seeing. |
It looks like the length would be short by one in Python before this change, meaning binding or connecting to a non-anonymous named AF_UNIX socket potentially loses the last character of the path name intended to be bound? Depending on if the OS uses the length or trusts a null termination? That should be an observable behavior change. It also suggests that fixing this could break code that has been working around this bug forever by adding an extra character when binding or connecting to a non-anonymous AF_UNIX socket? Is that true? In what circumstances is this practically observed? |
Actually the OS will always trust the length has already contained the last NUL. The test I did in this issue: rust-lang/rust#69061 showed that:
Maybe we could discuss this on the Github's PR page? I am very sure that it could be reproduced. |
Hey, this change broke autobind of abstract unix socket on Linux: When you specify empty string as socket address, the socket is bound to a random from unix(7):
When you specify empty socket address (""), bind() is called with In python 3.8 (not including this change):
With python 3.9 (including this change):
Since this bug did not show any evidence of a bug, and did not include In general socket address is not null terminated, so we don't need to |
@nirs could you please open a new bug for the regression? Thanks! |
Sure, I also have a trivial fix. |
Opened #94821 to track this issue. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: