1
0
mirror of https://github.com/golang/go synced 2024-11-18 20:24:41 -07:00

syscall: workaround accept() bug on Darwin

Darwin kernels have a bug in accept() where error result from
an internal call is not checked and socket is accepted instead
of ECONNABORTED error. However, such sockets have no sockaddr,
which results in EAFNOSUPPORT error from anyToSockaddr, making
Go http servers running on Mac OS X easily susceptible to
denial of service from simple port scans with nmap.
Fixes #3849.

R=golang-dev, adg, mikioh.mikioh
CC=golang-dev
https://golang.org/cl/6456045
This commit is contained in:
Alexey Borzenkov 2012-07-30 09:02:24 +10:00 committed by Andrew Gerrand
parent b4402a49b6
commit 5197fa8040

View File

@ -303,6 +303,14 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) {
if err != nil { if err != nil {
return return
} }
if len == 0 {
// Accepted socket has no address.
// This is likely due to a bug in xnu kernels,
// where instead of ECONNABORTED error socket
// is accepted, but has no address.
Close(nfd)
return 0, nil, ECONNABORTED
}
sa, err = anyToSockaddr(&rsa) sa, err = anyToSockaddr(&rsa)
if err != nil { if err != nil {
Close(nfd) Close(nfd)