
stack smashing while bind on ipv6 port and using wrk to request it

Open aisk opened this issue 4 years ago • 2 comments

Found this on Linux / macOS, with Python 3.5 / 3.7, and meinheld version 1.0.1.

Way to reproduce this:

import flask


app = flask.Flask(__name__)


@app.route('/')
def x():
    return 'x'

Starting with:

$ gunicorn -b'[::]:1234' -kmeinheld.gmeinheld.MeinheldWorker a:app

And run wrk:

wrk http://localhost:1234 -c 1 -t 1

You can see the meinheld worker exits randomly with logs like this:

*** stack smashing detected ***: /data00/home/xxx/ooo/venv/bin/python3 terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7fe35cbdabfb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fe35cc63437]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7fe35cc63400]
/data00/home/xxx/ooo/venv/lib/python3.5/site-packages/meinheld/server.cpython-35m-x86_64-linux-gnu.so(+0xfe4f)[0x7fe35aaa9e4f]
/data00/home/xxx/ooo/venv/lib/python3.5/site-packages/meinheld/server.cpython-35m-x86_64-linux-gnu.so(picoev_poll_once_internal+0x95)[0x7fe35aaae265]
/data00/home/xxx/ooo/venv/lib/python3.5/site-packages/meinheld/server.cpython-35m-x86_64-linux-gnu.so(+0x10f0a)[0x7fe35aaaaf0a]
/data00/home/xxx/ooo/venv/bin/python3(PyCFunction_Call+0x77)[0x55ffb5e20287]
/data00/home/xxx/ooo/venv/bin/python3(PyEval_EvalFrameEx+0x48ef)[0x55ffb5dead0f]
/data00/home/xxx/ooo/venv/bin/python3(PyEval_EvalFrameEx+0x4b64)[0x55ffb5deaf84]
/data00/home/xxx/ooo/venv/bin/python3(+0x19002f)[0x55ffb5df002f]

This only happened with the client wrk (an HTTP benchmark tool); gunicorn with the default sync worker or gevent, and meinheld with Chrome / curl, have no issue.

aisk avatar Dec 30 '19 07:12 aisk

I think wrk is sending some incompatible requests, but meinheld should not exit, because someone may make a DoS attack on it.

aisk avatar Dec 30 '19 07:12 aisk

https://github.com/mopemope/meinheld/blob/94fc8dc49a6c36b9abbf9276943d443bfce55f83/meinheld/server/server.c#L1239-L1269

server.c uses the sockaddr_in structure; it is only for IPv4.

methane avatar Dec 31 '19 05:12 methane
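The comment above points at an address-family assumption: `struct sockaddr_in` is sized for IPv4, while a socket bound to `[::]` reports peers as the larger `struct sockaddr_in6`. The following is an added example, not meinheld's code, of family-agnostic peer-address handling with `struct sockaddr_storage` and length checks; the helper names `peer_to_string` and `make_v6` are hypothetical and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not meinheld code): format a peer address stored in
 * a struct sockaddr_storage. Returns the port, or -1 if the family is
 * unsupported, the address is too short for its family, or `out` is small. */
int peer_to_string(const struct sockaddr_storage *ss, socklen_t len,
                   char *out, size_t outlen)
{
    if (ss->ss_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *a = (const struct sockaddr_in *)ss;
        if (!inet_ntop(AF_INET, &a->sin_addr, out, (socklen_t)outlen))
            return -1;
        return ntohs(a->sin_port);
    }
    if (ss->ss_family == AF_INET6 && len >= sizeof(struct sockaddr_in6)) {
        const struct sockaddr_in6 *a = (const struct sockaddr_in6 *)ss;
        if (!inet_ntop(AF_INET6, &a->sin6_addr, out, (socklen_t)outlen))
            return -1; /* e.g. an INET_ADDRSTRLEN buffer is too short */
        return ntohs(a->sin6_port);
    }
    return -1;
}

/* Constructed sample input: the sockaddr a listener on [::] would report
 * for a client at `addr`, port 1234. Returns its length, or 0 on error. */
socklen_t make_v6(struct sockaddr_storage *ss, const char *addr)
{
    struct sockaddr_in6 *a = (struct sockaddr_in6 *)ss;
    memset(ss, 0, sizeof *ss);
    a->sin6_family = AF_INET6;
    a->sin6_port = htons(1234);
    return inet_pton(AF_INET6, addr, &a->sin6_addr) == 1 ? sizeof *a : 0;
}

int main(void)
{
    struct sockaddr_storage ss; /* large enough for any address family */
    char buf[INET6_ADDRSTRLEN];
    socklen_t len = make_v6(&ss, "::1");
    int port = peer_to_string(&ss, len, buf, sizeof buf);
    printf("in=%zu in6=%zu storage=%zu\n", sizeof(struct sockaddr_in),
           sizeof(struct sockaddr_in6), sizeof ss);
    if (port >= 0) printf("[%s]:%d\n", buf, port);
    return port < 0;
}
```

In a server, the same `struct sockaddr_storage` would be passed to `accept()` with the length argument initialised to `sizeof ss`, so the kernel never writes more than the buffer holds.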