syscall: workaround accept() bug on Darwin

Darwin kernels have a bug in accept() where error result from
an internal call is not checked and socket is accepted instead
of ECONNABORTED error. However, such sockets have no sockaddr,
which results in EAFNOSUPPORT error from anyToSockaddr, making
Go http servers running on Mac OS X easily susceptible to
denial of service from simple port scans with nmap.
Fixes #3849.

R=golang-dev, adg, mikioh.mikioh
CC=golang-dev
https://golang.org/cl/6456045

diff --git a/src/pkg/syscall/syscall_bsd.go b/src/pkg/syscall/syscall_bsd.go
index 8269286daf9212d30220161dde476ddacbaa30f0..36fba9e06ff877407dc0a4d60c8bc6715c22e565 100644 (file)
--- a/src/pkg/syscall/syscall_bsd.go
+++ b/src/pkg/syscall/syscall_bsd.go
@@ -303,6 +303,14 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) {
        if err != nil {
                return
        }
+       if len == 0 {
+               // Accepted socket has no address.
+               // This is likely due to a bug in xnu kernels,
+               // where instead of ECONNABORTED error socket
+               // is accepted, but has no address.
+               Close(nfd)
+               return 0, nil, ECONNABORTED
+       }
        sa, err = anyToSockaddr(&rsa)
        if err != nil {
                Close(nfd)