If the socket length does not include any of the bytes of the path, then the code should not read even the first byte of the path.
Found by valgrind. CC: Thadeu Lima de Souza Cascardo <casca...@redhat.com> Reported-by: Joe Stringer <j...@ovn.org> Signed-off-by: Ben Pfaff <b...@ovn.org> --- lib/socket-util-unix.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/socket-util-unix.c b/lib/socket-util-unix.c index 5d4b88c..59f63fc 100644 --- a/lib/socket-util-unix.c +++ b/lib/socket-util-unix.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Nicira, Inc. + * Copyright (c) 2014, 2016 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -389,7 +389,7 @@ error: int get_unix_name_len(const struct sockaddr_un *sun, socklen_t sun_len) { - return (sun_len >= offsetof(struct sockaddr_un, sun_path) && + return (sun_len > offsetof(struct sockaddr_un, sun_path) && sun->sun_path[0] != 0 ? sun_len - offsetof(struct sockaddr_un, sun_path) : 0); -- 2.1.3 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev