Re: [PATCH] Avoid truncation of the path used for the stats socket

[Andreas Kohn]

On Wed, 2011-01-19 at 20:38 +0100, Andreas Kohn wrote:
> Hi,
> 
> while working further on the changes to allow for dynamic
> adding/removing of backend servers we noticed a potential problem: the
> path given for the 'stats socket' global option may get truncated when
> copying it into the sockaddr_un.sun_path field.
> 
> Attached patch checks the length, and reports an error if truncation
> would happen.
> 

After some more digging around in the code I found standard.c:str2sun(),
which does check the length. So in the interest of avoiding duplication
attached a slightly different patch with the same goal.

--
Andreas

-- 
Never attribute to malice that which can be adequately explained by
stupidity.                                        -- Hanlon's Razor

From b0b51f9d351cb99c43212e13c79496ab974fc3ef Mon Sep 17 00:00:00 2001
From: Andreas Kohn <andre...@fredhopper.com>
Date: Wed, 19 Jan 2011 20:29:32 +0100
Subject: [PATCH] Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation.

This uses str2sun() which already does the checking instead of rolling a duplicate variant here.
---
 src/dumpstats.c |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/dumpstats.c b/src/dumpstats.c
index a45d40a..980b284 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -151,7 +151,7 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx
 {
 	args++;
 	if (!strcmp(args[0], "socket")) {
-		struct sockaddr_un su;
+		struct sockaddr_un *su;
 		int cur_arg;
 
 		if (*args[1] == 0) {
@@ -164,10 +164,12 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx
 			return -1;
 		}
 
-		su.sun_family = AF_UNIX;
-		strncpy(su.sun_path, args[1], sizeof(su.sun_path));
-		su.sun_path[sizeof(su.sun_path) - 1] = 0;
-		memcpy(&global.stats_sock.addr, &su, sizeof(su)); // guaranteed to fit
+		su = str2sun(args[1]);
+		if (!su) {
+			snprintf(err, errlen, "'stats socket' path would require truncation");
+			return -1;
+		}
+		memcpy(&global.stats_sock.addr, su, sizeof(struct sockaddr_un)); // guaranteed to fit
 
 		if (!global.stats_fe) {
 			if ((global.stats_fe = alloc_stats_fe("GLOBAL")) == NULL) {
-- 
1.7.2.3

signature.asc
Description: This is a digitally signed message part