If the socket length does not include any of the bytes of the path, then
the code should not read even the first byte of the path.

Found by valgrind.

CC: Thadeu Lima de Souza Cascardo <casca...@redhat.com>
Reported-by: Joe Stringer <j...@ovn.org>
Signed-off-by: Ben Pfaff <b...@ovn.org>
---
 lib/socket-util-unix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/socket-util-unix.c b/lib/socket-util-unix.c
index 5d4b88c..59f63fc 100644
--- a/lib/socket-util-unix.c
+++ b/lib/socket-util-unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014 Nicira, Inc.
+ * Copyright (c) 2014, 2016 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -389,7 +389,7 @@ error:
 int
 get_unix_name_len(const struct sockaddr_un *sun, socklen_t sun_len)
 {
-    return (sun_len >= offsetof(struct sockaddr_un, sun_path) &&
+    return (sun_len > offsetof(struct sockaddr_un, sun_path) &&
             sun->sun_path[0] != 0
             ? sun_len - offsetof(struct sockaddr_un, sun_path)
             : 0);
-- 
2.1.3

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Reply via email to