From b24efa551dc91e177c5cb8da674e9f8432d52dc9 Mon Sep 17 00:00:00 2001
From: Stefan Sperling <ssperling@sysmocom.de>
Date: Tue, 28 Aug 2018 14:03:41 +0200
Subject: Properly deal with sockaddr_un socket path length limitations.

When parsing the configuration, reject a socket path which
exceeds the maximum size supported by the operating system.

In unixsocket_line_update() stop copying the line's socket path to a
local buffer. The path will be copied again in osmo_sock_unix_init().

Both changes are portable; we don't assume any particular socket
path length since the size differs between implementations of Unix,
and we rely only on information from the generic sys/un.h header.

Change-Id: I36344805a825f5d0e0c9d218d438d8fd985ed9ca
Related: OS#2673
---
 src/e1_input_vty.c     |  9 +++++++++
 src/input/unixsocket.c | 16 +++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/e1_input_vty.c b/src/e1_input_vty.c
index 0e4575f..653c573 100644
--- a/src/e1_input_vty.c
+++ b/src/e1_input_vty.c
@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
+#include <sys/un.h>
 
 #include <osmocom/core/linuxlist.h>
 #include <osmocom/core/talloc.h>
@@ -98,6 +99,14 @@ DEFUN(cfg_e1line_socket, cfg_e1_line_socket_cmd,
 {
 	struct e1inp_line *line;
 	int e1_nr = atoi(argv[0]);
+	struct sockaddr_un sun;
+
+	/* Don't exceed the maximum unix socket path length. See the unix(7) man page.*/
+	if (strlen(argv[1]) > sizeof(sun.sun_path)) {
+		vty_out(vty, "%% Socket path length exceeds %zd bytes: '%s'%s",
+			sizeof(sun.sun_path), argv[1], VTY_NEWLINE);
+		return CMD_WARNING;
+	}
 
 	line = e1inp_line_find(e1_nr);
 	if (!line) {
diff --git a/src/input/unixsocket.c b/src/input/unixsocket.c
index c49928d..00e1f9b 100644
--- a/src/input/unixsocket.c
+++ b/src/input/unixsocket.c
@@ -28,6 +28,7 @@
 #include <stdio.h>
 #include <unistd.h>
 #include <sys/socket.h>
+#include <sys/un.h>
 #include <limits.h>
 #include <string.h>
 
@@ -228,16 +229,11 @@ static void unixsocket_write_msg_lapd_cb(struct msgb *msg, void *cbdata)
 static int unixsocket_line_update(struct e1inp_line *line)
 {
 	struct unixsocket_line *config;
-	char sock_path[PATH_MAX];
+	char default_sock_path[sizeof(struct sockaddr_un) + 1]; /* see unix(7) man page */
+	const char *sock_path;
 	int ret = 0;
 	int i;
 
-	if (line->sock_path)
-		osmo_strlcpy(sock_path, line->sock_path, PATH_MAX);
-	else
-		sprintf(sock_path, "%s%d", UNIXSOCKET_SOCK_PATH_DEFAULT,
-			line->num);
-
 	LOGP(DLINP, LOGL_NOTICE, "line update (line=%p)\n", line);
 
 	if (!line->driver_data)
@@ -255,6 +251,12 @@ static int unixsocket_line_update(struct e1inp_line *line)
 	config->fd.cb = unixsocket_cb;
 
 	/* Open unix domain socket */
+	if (line->sock_path == NULL) {
+		snprintf(default_sock_path, sizeof(default_sock_path), "%s%d",
+			 UNIXSOCKET_SOCK_PATH_DEFAULT, line->num);
+		sock_path = default_sock_path;
+	} else
+		sock_path = line->sock_path;
 	ret = osmo_sock_unix_init(SOCK_SEQPACKET, 0, sock_path,
 				  OSMO_SOCK_F_CONNECT);
 	if (ret < 0) {
-- 
cgit v1.2.3