From 56d3f951d1be1bf9d5233003d0f92779231d588e Mon Sep 17 00:00:00 2001 From: Alexey Borzenkov Date: Sat, 22 Sep 2012 05:54:18 +1000 Subject: [PATCH] [release-branch.go1] syscall: workaround accept() bug on Darwin MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit ««« backport 0eae95b0307a syscall: workaround accept() bug on Darwin Darwin kernels have a bug in accept() where error result from an internal call is not checked and socket is accepted instead of ECONNABORTED error. However, such sockets have no sockaddr, which results in EAFNOSUPPORT error from anyToSockaddr, making Go http servers running on Mac OS X easily susceptible to denial of service from simple port scans with nmap. Fixes #3849. R=golang-dev, adg, mikioh.mikioh CC=golang-dev https://golang.org/cl/6456045 »»» --- src/pkg/syscall/syscall_bsd.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/pkg/syscall/syscall_bsd.go b/src/pkg/syscall/syscall_bsd.go index c1a822aa17..1d873b69ac 100644 --- a/src/pkg/syscall/syscall_bsd.go +++ b/src/pkg/syscall/syscall_bsd.go @@ -304,6 +304,14 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) { if err != nil { return } + if len == 0 { + // Accepted socket has no address. + // This is likely due to a bug in xnu kernels, + // where instead of ECONNABORTED error socket + // is accepted, but has no address. + Close(nfd) + return 0, nil, ECONNABORTED + } sa, err = anyToSockaddr(&rsa) if err != nil { Close(nfd) -- 2.51.0