neosys007 opened a new pull request, #3354: URL: https://github.com/apache/thrift/pull/3354
This PR fixes the server-side Unix socket path copy in the C GLib transport. In current head, `thrift_server_socket_listen()` builds a stack `sockaddr_un` and copies `tsocket->path` into `sun_path` with `strlen(path) + 1`. That only works when the configured path is shorter than the destination buffer; otherwise the copy can run past the end of the local `sockaddr_un` before `bind()` is even called. The fix is intentionally small: - check the path length against `sizeof(struct sockaddr_un.sun_path)` first, - return a transport error if the path does not fit, - keep the rest of the server-side behavior unchanged. I also added regression coverage in `lib/c_glib/test/testtransportsocket.c` that checks the server listen path rejects an overlong Unix socket path cleanly. Validation performed locally: - `git diff --check` - syntax-only compile for the changed C files - the C GLib transport sources compile cleanly apart from existing OpenSSL deprecation warnings unrelated to this change. Related Jira: - https://issues.apache.org/jira/browse/THRIFT-5930 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
