[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: LuaSocket: No way to protect against fuzzing attacks?
- From: Sam Roberts <vieuxtech@...>
- Date: Wed, 12 Oct 2011 21:59:31 -0700
On Wed, Oct 12, 2011 at 10:51 AM, Petite Abeille
> On Oct 12, 2011, at 7:42 PM, Matthew Wild wrote:
>> It allows creating a LuaSocket object from an fd. Would be very
>> useful, but not provided in standard LuaSocket because of portability
>> concerns (ie. Windows).
The acceptfd() part of the patch I don't understand, why patch the C
core when you can do:
local sock = master:accept()
local fd = sock:getfd()
I totally understand the motivation to hack socket.tcp() to accept an
fd. The patch to allow socket.tcp(fd) hard codes the assumption its a
connected tcp fd, so isn't very flexible, and is a specific instance
of a more generally missing feature.
I'm trying to think of a cleaner way to create stream or packet
sockets from fds, since there isn't anything particularly tcp specific
about the connected tcp objects, the same methods are cut-n-pasted
into unix.c and my serial.c. I wish at luasocket's core there were
SOCK_STREAM objects and SOCK_DGRAM objects, and they could be created
using various methods.
Since luasocket already has an unfortunate number of assumptions about
how the networking APIs should be used (unix socket are always stream
sockets, you can't call send() and sendto() on the same udp socket, it
doesn't make sense to read or write 0 size dgrams, etc.), and I'm a
bit loath to add to the problem.