check for overlong unix socket paths

In rf_create_socket(), check the result of osmo_strlcpy(). This catches overlong and non-NUL-terminated socket paths. Change-Id: I4b9ff9146068bf7f53d67c577454f32c02361b86 Related: OS#2673
author: Stefan Sperling <ssperling@sysmocom.de> 2018-09-20 17:54:26 +0200
committer: Harald Welte <laforge@gnumonks.org> 2018-09-26 07:26:01 +0000
commit: 65c62e50335b500ac9e4658530ca5a1b4f5328d8 (patch)
tree: dbbc333cf5a54613fad838a0230f30c2e467b55e
parent: 67e47c6076fea691345d594977e354538d50566b (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/osmo-bsc/bsc_rf_ctrl.c b/src/osmo-bsc/bsc_rf_ctrl.c
index f4a21b53a..ac87fb93d 100644
--- a/src/osmo-bsc/bsc_rf_ctrl.c
+++ b/src/osmo-bsc/bsc_rf_ctrl.c
@@ -450,8 +450,12 @@ static int rf_create_socket(struct osmo_bsc_rf *rf, const char *path)
 	}
 
 	local.sun_family = AF_UNIX;
-	osmo_strlcpy(local.sun_path, path, sizeof(local.sun_path));
 	unlink(local.sun_path);
+	if (osmo_strlcpy(local.sun_path, path, sizeof(local.sun_path)) >= sizeof(local.sun_path)) {
+		LOGP(DLINP, LOGL_ERROR, "Socket path exceeds maximum length of %zd bytes: %s\n",
+		     sizeof(local.sun_path), path);
+		return -1;
+	}
 
 	/* we use the same magic that X11 uses in Xtranssock.c for
 	 * calculating the proper length of the sockaddr */
author	Stefan Sperling <ssperling@sysmocom.de>	2018-09-20 17:54:26 +0200
committer	Harald Welte <laforge@gnumonks.org>	2018-09-26 07:26:01 +0000
commit	65c62e50335b500ac9e4658530ca5a1b4f5328d8 (patch)
tree	dbbc333cf5a54613fad838a0230f30c2e467b55e
parent	67e47c6076fea691345d594977e354538d50566b (diff)