)]}'
{
  "commit": "e1c8ad6cfde8400816ac83295b65835a27cf9fd9",
  "tree": "dd362d46154d82ea736131ec797810bb941bedcc",
  "parents": [
    "ff127bb7ec169601f74ae7abb42cc176f93225d7"
  ],
  "author": {
    "name": "Maxim Dounin",
    "email": "mdounin@mdounin.ru",
    "time": "Wed Oct 04 21:19:33 2017 +0300"
  },
  "committer": {
    "name": "Maxim Dounin",
    "email": "mdounin@mdounin.ru",
    "time": "Wed Oct 04 21:19:33 2017 +0300"
  },
  "message": "Fixed buffer overread with unix sockets after accept().\n\nSome OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses\nlarger than struct sockaddr_un.  Moreover, some of them (macOS, Solaris)\nreturn socklen of the socket address before it was truncated to fit the\nbuffer provided.  As such, on these systems socklen must not be used without\nadditional check that it is within the buffer provided.\n\nAppropriate checks added to ngx_event_accept() (after accept()),\nngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets()\n(after getsockname()).\n\nWe also obtain socket addresses via getsockname() in\nngx_connection_local_sockaddr(), but it does not need any checks as\nit is only used for INET and INET6 sockets (as there can be no\nwildcard unix sockets).\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "9b7071d2a2ac7b06c92224018d2643cecc5334a6",
      "old_mode": 33188,
      "old_path": "src/core/ngx_connection.c",
      "new_id": "a1baefb9bc6e3e04b925b0b4e08ba169298be93d",
      "new_mode": 33188,
      "new_path": "src/core/ngx_connection.c"
    },
    {
      "type": "modify",
      "old_id": "87447d08937ce30fbe64cdcaf4bd48bf0df34958",
      "old_mode": 33188,
      "old_path": "src/event/ngx_event_accept.c",
      "new_id": "77563709057474d9402e7d96b4a7d570249ad457",
      "new_mode": 33188,
      "new_path": "src/event/ngx_event_accept.c"
    }
  ]
}