Harald Welte has submitted this change and it was merged. (
https://gerrit.osmocom.org/11045 )
Change subject: ensure unix socket paths are NUL-terminated for bind/connect
......................................................................
ensure unix socket paths are NUL-terminated for bind/connect
The unix(7) man page recommends that sun_path is NUL-terminated
when struct sockaddr_un is passed to a bind() or connect() call.
Non-NUL-terminated paths only need to be dealt with at the
receiving end of a UNIX domain socket.
Commit b24efa5 erroneously assumed otherwise.
Change-Id: I9beecfa500db75cb679b1edcc352c893bf098b13
Fixes: b24efa551dc91e177c5cb8da674e9f8432d52dc9
Related: OS#2673
---
M src/e1_input_vty.c
M src/input/unixsocket.c
2 files changed, 15 insertions(+), 7 deletions(-)
Approvals:
Jenkins Builder: Verified
Harald Welte: Looks good to me, approved
diff --git a/src/e1_input_vty.c b/src/e1_input_vty.c
index 653c573..d81c859 100644
--- a/src/e1_input_vty.c
+++ b/src/e1_input_vty.c
@@ -101,10 +101,10 @@
int e1_nr = atoi(argv[0]);
struct sockaddr_un sun;
- /* Don't exceed the maximum unix socket path length. See the unix(7)
man page.*/
- if (strlen(argv[1]) > sizeof(sun.sun_path)) {
+ /* Don't exceed the maximum unix socket path length, including a NUL
byte. See the unix(7) man page.*/
+ if (strlen(argv[1]) > sizeof(sun.sun_path) - 1) {
vty_out(vty, "%% Socket path length exceeds %zd bytes: '%s'%s",
- sizeof(sun.sun_path), argv[1], VTY_NEWLINE);
+ sizeof(sun.sun_path) - 1, argv[1], VTY_NEWLINE);
return CMD_WARNING;
}
diff --git a/src/input/unixsocket.c b/src/input/unixsocket.c
index 00e1f9b..bc4b357 100644
--- a/src/input/unixsocket.c
+++ b/src/input/unixsocket.c
@@ -229,7 +229,7 @@
static int unixsocket_line_update(struct e1inp_line *line)
{
struct unixsocket_line *config;
- char default_sock_path[sizeof(struct sockaddr_un) + 1]; /* see unix(7)
man page */
+ struct sockaddr_un un;
const char *sock_path;
int ret = 0;
int i;
@@ -252,9 +252,17 @@
/* Open unix domain socket */
if (line->sock_path == NULL) {
- snprintf(default_sock_path, sizeof(default_sock_path), "%s%d",
- UNIXSOCKET_SOCK_PATH_DEFAULT, line->num);
- sock_path = default_sock_path;
+ ret = snprintf(un.sun_path, sizeof(un.sun_path), "%s%d",
+ UNIXSOCKET_SOCK_PATH_DEFAULT, line->num);
+ if (ret == -1) {
+ LOGP(DLINP, LOGL_ERROR, "Cannot create default socket
path: %s\n", strerror(errno));
+ return -errno;
+ } else if (ret >= sizeof(un.sun_path)) {
+ LOGP(DLINP, LOGL_ERROR, "Default socket path exceeds
%zd bytes: %s%d\n",
+ sizeof(un.sun_path), UNIXSOCKET_SOCK_PATH_DEFAULT,
line->num);
+ return -ENOSPC;
+ }
+ sock_path = un.sun_path;
} else
sock_path = line->sock_path;
ret = osmo_sock_unix_init(SOCK_SEQPACKET, 0, sock_path,
--
To view, visit https://gerrit.osmocom.org/11045
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: libosmo-abis
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I9beecfa500db75cb679b1edcc352c893bf098b13
Gerrit-Change-Number: 11045
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Jenkins Builder (1000002)
