[PATCH] Filtering duplicate addresses in listen (ticket #2400)
Sergey Kandaurov
pluknet at nginx.com
Wed Nov 23 12:56:10 UTC 2022
On Sun, Oct 30, 2022 at 05:41:00AM +0300, Maxim Dounin wrote:
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1667097653 -10800
> # Sun Oct 30 05:40:53 2022 +0300
> # Node ID 55bcf8dc4ee35ccf40f5b8a7cffde63e7edb9494
> # Parent 1ae25660c0c76edef14121ca64362f28b9d57a70
> Filtering duplicate addresses in listen (ticket #2400).
>
> Due to the glibc bug[1], getaddrinfo("localhost") with AI_ADDRCONFIG
> on a typical host with glibc and without IPv6 returns two 127.0.0.1
> addresses, and therefore "listen localhost:80;" used to result the
result in ?
> "duplicate ... address and port pair" after 4f9b72a229c1.
>
> Fix is to explicitly filter out duplicate addresses returned during
> resolution of a name.
>
> [1] https://sourceware.org/bugzilla/show_bug.cgi?id=14969
>
> diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
> --- a/src/http/ngx_http_core_module.c
> +++ b/src/http/ngx_http_core_module.c
> @@ -3963,7 +3963,7 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
>
> ngx_str_t *value, size;
> ngx_url_t u;
> - ngx_uint_t n;
> + ngx_uint_t n, i;
> ngx_http_listen_opt_t lsopt;
>
> cscf->listen = 1;
> @@ -4289,6 +4289,16 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
> }
>
> for (n = 0; n < u.naddrs; n++) {
> +
> + for (i = 0; i < n; i++) {
> + if (ngx_cmp_sockaddr(u.addrs[n].sockaddr, u.addrs[n].socklen,
> + u.addrs[i].sockaddr, u.addrs[i].socklen, 0)
> + == NGX_OK)
> + {
> + goto next;
> + }
> + }
> +
> lsopt.sockaddr = u.addrs[n].sockaddr;
> lsopt.socklen = u.addrs[n].socklen;
> lsopt.addr_text = u.addrs[n].name;
> @@ -4297,6 +4307,9 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
> if (ngx_http_add_listen(cf, cscf, &lsopt) != NGX_OK) {
> return NGX_CONF_ERROR;
> }
> +
> + next:
> + continue;
> }
>
> return NGX_CONF_OK;
> diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c
> --- a/src/mail/ngx_mail_core_module.c
> +++ b/src/mail/ngx_mail_core_module.c
> @@ -308,7 +308,7 @@ ngx_mail_core_listen(ngx_conf_t *cf, ngx
> ngx_str_t *value, size;
> ngx_url_t u;
> ngx_uint_t i, n, m;
> - ngx_mail_listen_t *ls, *als;
> + ngx_mail_listen_t *ls, *als, *nls;
> ngx_mail_module_t *module;
> ngx_mail_core_main_conf_t *cmcf;
>
> @@ -333,7 +333,7 @@ ngx_mail_core_listen(ngx_conf_t *cf, ngx
>
> cmcf = ngx_mail_conf_get_module_main_conf(cf, ngx_mail_core_module);
>
> - ls = ngx_array_push_n(&cmcf->listen, u.naddrs);
> + ls = ngx_array_push(&cmcf->listen);
> if (ls == NULL) {
> return NGX_CONF_ERROR;
> }
> @@ -571,17 +571,37 @@ ngx_mail_core_listen(ngx_conf_t *cf, ngx
> als = cmcf->listen.elts;
With push of additional cmcf->listen elements moved inside loop,
als can become a stale pointer due to reallocation in ngx_array_push().
As such, als assignment should be kept updated (here and in stream).
Otherwise, looks good.
>
> for (n = 0; n < u.naddrs; n++) {
> - ls[n] = ls[0];
> +
> + for (i = 0; i < n; i++) {
> + if (ngx_cmp_sockaddr(u.addrs[n].sockaddr, u.addrs[n].socklen,
> + u.addrs[i].sockaddr, u.addrs[i].socklen, 0)
> + == NGX_OK)
> + {
> + goto next;
> + }
> + }
>
> - ls[n].sockaddr = u.addrs[n].sockaddr;
> - ls[n].socklen = u.addrs[n].socklen;
> - ls[n].addr_text = u.addrs[n].name;
> - ls[n].wildcard = ngx_inet_wildcard(ls[n].sockaddr);
> + if (n != 0) {
> + nls = ngx_array_push(&cmcf->listen);
> + if (nls == NULL) {
> + return NGX_CONF_ERROR;
> + }
> +
> + *nls = *ls;
>
> - for (i = 0; i < cmcf->listen.nelts - u.naddrs + n; i++) {
> + } else {
> + nls = ls;
> + }
> +
> + nls->sockaddr = u.addrs[n].sockaddr;
> + nls->socklen = u.addrs[n].socklen;
> + nls->addr_text = u.addrs[n].name;
> + nls->wildcard = ngx_inet_wildcard(nls->sockaddr);
> +
> + for (i = 0; i < cmcf->listen.nelts - 1; i++) {
>
> if (ngx_cmp_sockaddr(als[i].sockaddr, als[i].socklen,
> - ls[n].sockaddr, ls[n].socklen, 1)
> + nls->sockaddr, nls->socklen, 1)
> != NGX_OK)
> {
> continue;
> @@ -589,9 +609,12 @@ ngx_mail_core_listen(ngx_conf_t *cf, ngx
>
> ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> "duplicate \"%V\" address and port pair",
> - &ls[n].addr_text);
> + &nls->addr_text);
> return NGX_CONF_ERROR;
> }
> +
> + next:
> + continue;
> }
>
> return NGX_CONF_OK;
> diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c
> --- a/src/stream/ngx_stream_core_module.c
> +++ b/src/stream/ngx_stream_core_module.c
> @@ -578,7 +578,7 @@ ngx_stream_core_listen(ngx_conf_t *cf, n
> ngx_str_t *value, size;
> ngx_url_t u;
> ngx_uint_t i, n, backlog;
> - ngx_stream_listen_t *ls, *als;
> + ngx_stream_listen_t *ls, *als, *nls;
> ngx_stream_core_main_conf_t *cmcf;
>
> cscf->listen = 1;
> @@ -602,7 +602,7 @@ ngx_stream_core_listen(ngx_conf_t *cf, n
>
> cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
>
> - ls = ngx_array_push_n(&cmcf->listen, u.naddrs);
> + ls = ngx_array_push(&cmcf->listen);
> if (ls == NULL) {
> return NGX_CONF_ERROR;
> }
> @@ -889,20 +889,40 @@ ngx_stream_core_listen(ngx_conf_t *cf, n
> als = cmcf->listen.elts;
>
> for (n = 0; n < u.naddrs; n++) {
> - ls[n] = ls[0];
> +
> + for (i = 0; i < n; i++) {
> + if (ngx_cmp_sockaddr(u.addrs[n].sockaddr, u.addrs[n].socklen,
> + u.addrs[i].sockaddr, u.addrs[i].socklen, 0)
> + == NGX_OK)
> + {
> + goto next;
> + }
> + }
>
> - ls[n].sockaddr = u.addrs[n].sockaddr;
> - ls[n].socklen = u.addrs[n].socklen;
> - ls[n].addr_text = u.addrs[n].name;
> - ls[n].wildcard = ngx_inet_wildcard(ls[n].sockaddr);
> + if (n != 0) {
> + nls = ngx_array_push(&cmcf->listen);
> + if (nls == NULL) {
> + return NGX_CONF_ERROR;
> + }
> +
> + *nls = *ls;
>
> - for (i = 0; i < cmcf->listen.nelts - u.naddrs + n; i++) {
> - if (ls[n].type != als[i].type) {
> + } else {
> + nls = ls;
> + }
> +
> + nls->sockaddr = u.addrs[n].sockaddr;
> + nls->socklen = u.addrs[n].socklen;
> + nls->addr_text = u.addrs[n].name;
> + nls->wildcard = ngx_inet_wildcard(nls->sockaddr);
> +
> + for (i = 0; i < cmcf->listen.nelts - 1; i++) {
> + if (nls->type != als[i].type) {
> continue;
> }
>
> if (ngx_cmp_sockaddr(als[i].sockaddr, als[i].socklen,
> - ls[n].sockaddr, ls[n].socklen, 1)
> + nls->sockaddr, nls->socklen, 1)
> != NGX_OK)
> {
> continue;
> @@ -910,9 +930,12 @@ ngx_stream_core_listen(ngx_conf_t *cf, n
>
> ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> "duplicate \"%V\" address and port pair",
> - &ls[n].addr_text);
> + &nls->addr_text);
> return NGX_CONF_ERROR;
> }
> +
> + next:
> + continue;
> }
>
> return NGX_CONF_OK;
>
More information about the nginx-devel
mailing list