Module Name: src Committed By: seanb Date: Wed Apr 2 15:35:45 UTC 2014
Modified Files: src/sys/kern: uipc_domain.c Log Message: len argument to strlcpy() was incorrect when copying out AF_LOCAL sockets in sysctl helper. The entire buffer wasn't available since sun_path member is not at offset 0 in struct sockaddr_un. To generate a diff of this commit: cvs rdiff -u -r1.90 -r1.91 src/sys/kern/uipc_domain.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/uipc_domain.c
diff -u src/sys/kern/uipc_domain.c:1.90 src/sys/kern/uipc_domain.c:1.91
--- src/sys/kern/uipc_domain.c:1.90 Tue Feb 25 18:30:11 2014
+++ src/sys/kern/uipc_domain.c Wed Apr 2 15:35:45 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_domain.c,v 1.90 2014/02/25 18:30:11 pooka Exp $ */
+/* $NetBSD: uipc_domain.c,v 1.91 2014/04/02 15:35:45 seanb Exp $ */
 /*
 * Copyright (c) 1982, 1986, 1993
@@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.90 2014/02/25 18:30:11 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.91 2014/04/02 15:35:45 seanb Exp $");
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -424,10 +424,13 @@ sysctl_dounpcb(struct kinfo_pcb *pcb, co
 * endpoint. bleah!
 */
 if (unp->unp_addr != NULL) {
- un->sun_len = unp->unp_addr->sun_len;
- un->sun_family = unp->unp_addr->sun_family;
- strlcpy(un->sun_path, unp->unp_addr->sun_path,
- sizeof(pcb->ki_s));
+ /*
+ * We've added one to sun_len when allocating to
+ * hold terminating NUL which we want here. See
+ * makeun().
+ */
+ memcpy(un, unp->unp_addr,
+ min(sizeof(pcb->ki_s), unp->unp_addr->sun_len + 1));
 } else {
 un->sun_len =
 offsetof(struct sockaddr_un, sun_path);
@@ -436,11 +439,8 @@ sysctl_dounpcb(struct kinfo_pcb *pcb, co
 if (unp->unp_conn != NULL) {
 un = (struct sockaddr_un *)&pcb->ki_dst;
 if (unp->unp_conn->unp_addr != NULL) {
- un->sun_len = unp->unp_conn->unp_addr->sun_len;
- un->sun_family = unp->unp_conn->unp_addr->sun_family;
- un->sun_family = unp->unp_conn->unp_addr->sun_family;
- strlcpy(un->sun_path, unp->unp_conn->unp_addr->sun_path,
- sizeof(pcb->ki_d));
+ memcpy(un, unp->unp_conn->unp_addr,
+ min(sizeof(pcb->ki_s), unp->unp_conn->unp_addr->sun_len + 1));
 } else {
 un->sun_len =
 offsetof(struct sockaddr_un, sun_path);
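Review bot: In the first sysctl_dounpcb hunk (@@ -424), when the `sizeof(pcb->ki_s)` side of the `min()` wins, the address copied out keeps the source's full `sun_len` and its path has no terminating NUL inside the buffer, which the removed `strlcpy` always provided. Because this structure is returned through the sysctl helper, the truncated case should stay well-formed: keep the `min()` result in a local `len`, then after the copy write `((char *)un)[len - 1] = '\0';` and clamp `un->sun_len` to match. The copy also reads `sun_len + 1` bytes from the source, which is in bounds only if every `unp_addr` is allocated with the extra byte the comment attributes to makeun(); if any path sets it otherwise, one adjacent byte of kernel memory would be copied out. The memcpy in the second hunk (@@ -436) has the same two properties, and the function body starts and ends outside both hunks.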
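Review bot: In the second sysctl_dounpcb hunk (@@ -436) the copy into `pcb->ki_dst` is bounded by `sizeof(pcb->ki_s)`, whereas the removed `strlcpy` used `sizeof(pcb->ki_d)` for this destination. This looks like a copy-paste from the first hunk; if the two members ever differ in size, the bound describes the wrong buffer and the memcpy could write past the destination. I would change the line to `min(sizeof(pcb->ki_d), unp->unp_conn->unp_addr->sun_len + 1));`. The declaration of `struct kinfo_pcb` is not visible here, so whether the two sizes currently match is unconfirmed.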