[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: LuaSocket: No way to protect against fuzzing attacks?
- From: HyperHacker <hyperhacker@...>
- Date: Wed, 12 Oct 2011 23:15:08 -0600
On Wed, Oct 12, 2011 at 22:59, Sam Roberts <vieuxtech@gmail.com> wrote:
> On Wed, Oct 12, 2011 at 10:51 AM, Petite Abeille
> <petite.abeille@gmail.com> wrote:
>> On Oct 12, 2011, at 7:42 PM, Matthew Wild wrote:
>>> It allows creating a LuaSocket object from an fd. Would be very
>>> useful, but not provided in standard LuaSocket because of portability
>>> concerns (ie. Windows).
>>
>> http://www.net-core.org/39/lua/patching-luasocket-to-make-it-compatible
>> http://www.net-core.org/dl/luasocket-2.0.2-acceptfd.patch
>
> The acceptfd() part of the patch I don't understand, why patch the C
> core when you can do:
>
> function socket.acceptfd(master)
> local sock = master:accept()
> local fd = sock:getfd()
> sock:setfd(-1)
> sock:close()
> return fd
> end
>
> I totally understand the motivation to hack socket.tcp() to accept an
> fd. The patch to allow socket.tcp(fd) hard codes the assumption its a
> connected tcp fd, so isn't very flexible, and is a specific instance
> of a more generally missing feature.
>
> I'm trying to think of a cleaner way to create stream or packet
> sockets from fds, since there isn't anything particularly tcp specific
> about the connected tcp objects, the same methods are cut-n-pasted
> into unix.c and my serial.c. I wish at luasocket's core there were
> SOCK_STREAM objects and SOCK_DGRAM objects, and they could be created
> using various methods.
>
>
> Since luasocket already has an unfortunate number of assumptions about
> how the networking APIs should be used (unix socket are always stream
> sockets, you can't call send() and sendto() on the same udp socket, it
> doesn't make sense to read or write 0 size dgrams, etc.), and I'm a
> bit loath to add to the problem.
>
> Cheers,
> Sam
>
>
Does setfd() exist without the patch? And is that method guaranteed
not to cause problems? (setfd(-1) is valid, -1 is never a valid fd,
closing a socket with an invalid fd is legal, etc.) Anyway, acceptfd()
basically does the same thing but in one line, and consistently (you
probably don't have to worry that someone else has already created a
function with the same name but different behaviour).
--
Sent from my toaster.