Instead of using the entire sun_path buffer for abstract socket names, only use the exact length of the string that is specified on the command line. The nul-terminator is not included for abstract sockets.
The size of sun_path is modified to include the nul-terminator for pathname address types. Signed-off-by: Tyler Hicks <[email protected]> --- tests/regression/apparmor/unix_socket.c | 13 +++++++++++-- tests/regression/apparmor/unix_socket_client.c | 13 +++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/tests/regression/apparmor/unix_socket.c b/tests/regression/apparmor/unix_socket.c index 3d86225..cd492e3 100644 --- a/tests/regression/apparmor/unix_socket.c +++ b/tests/regression/apparmor/unix_socket.c @@ -107,11 +107,20 @@ int main (int argc, char *argv[]) sun_path = argv[1]; sun_path_len = strlen(sun_path); if (sun_path[0] == '@') { + if (sun_path_len > sizeof(addr.sun_path)) { + fprintf(stderr, "FAIL - socket addr too big\n"); + exit(1); + } memcpy(addr.sun_path, sun_path, sun_path_len); addr.sun_path[0] = '\0'; - sun_path_len = sizeof(addr.sun_path); } else { - memcpy(addr.sun_path, sun_path, sun_path_len + 1); + /* include the nul terminator for pathname addr types */ + sun_path_len++; + if (sun_path_len > sizeof(addr.sun_path)) { + fprintf(stderr, "FAIL - socket addr too big\n"); + exit(1); + } + memcpy(addr.sun_path, sun_path, sun_path_len); } if (!strcmp(argv[2], "stream")) { diff --git a/tests/regression/apparmor/unix_socket_client.c b/tests/regression/apparmor/unix_socket_client.c index ac53ecd..d7d5510 100644 --- a/tests/regression/apparmor/unix_socket_client.c +++ b/tests/regression/apparmor/unix_socket_client.c @@ -98,11 +98,20 @@ int main(int argc, char *argv[]) sun_path = argv[1]; sun_path_len = strlen(sun_path); if (sun_path[0] == '@') { + if (sun_path_len > sizeof(peer_addr.sun_path)) { + fprintf(stderr, "FAIL CLIENT - socket addr too big\n"); + exit(1); + } memcpy(peer_addr.sun_path, sun_path, sun_path_len); peer_addr.sun_path[0] = '\0'; - sun_path_len = sizeof(peer_addr.sun_path); } else { - memcpy(peer_addr.sun_path, sun_path, sun_path_len + 1); + /* include the nul terminator for pathname addr types */ + sun_path_len++; + if (sun_path_len > sizeof(peer_addr.sun_path)) { + fprintf(stderr, "FAIL CLIENT - socket addr too big\n"); + exit(1); + } + memcpy(peer_addr.sun_path, sun_path, sun_path_len); } if (!strcmp(argv[2], "stream")) { -- 2.1.0 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
