diff options
author | Stefan Sperling <ssperling@sysmocom.de> | 2018-09-20 17:34:31 +0200 |
---|---|---|
committer | Stefan Sperling <ssperling@sysmocom.de> | 2018-09-20 17:40:59 +0200 |
commit | 0d7d0b0a861c1abeb6a4852c914bc0a483dc9744 (patch) | |
tree | a3df78edbfa71467ac552cc944d05adc31ed6678 | |
parent | 47e9e63bd54d31ca1d88ffd97da5be1caf3b4ae4 (diff) |
ensure unix socket paths are NUL-terminated for bind/connect
The unix(7) man page recommends that sun_path is NUL-terminated
when struct sockaddr_un is passed to a bind() or connect() call.
Non-NUL-terminated paths only need to be dealt with at the
receiving end of a UNIX domain socket.
Commit b24efa5 erroneously assumed otherwise.
Change-Id: I9beecfa500db75cb679b1edcc352c893bf098b13
Fixes: b24efa551dc91e177c5cb8da674e9f8432d52dc9
Related: OS#2673
-rw-r--r-- | src/e1_input_vty.c | 6 | ||||
-rw-r--r-- | src/input/unixsocket.c | 16 |
2 files changed, 15 insertions, 7 deletions
diff --git a/src/e1_input_vty.c b/src/e1_input_vty.c index 653c573..d81c859 100644 --- a/src/e1_input_vty.c +++ b/src/e1_input_vty.c @@ -101,10 +101,10 @@ DEFUN(cfg_e1line_socket, cfg_e1_line_socket_cmd, int e1_nr = atoi(argv[0]); struct sockaddr_un sun; - /* Don't exceed the maximum unix socket path length. See the unix(7) man page.*/ - if (strlen(argv[1]) > sizeof(sun.sun_path)) { + /* Don't exceed the maximum unix socket path length, including a NUL byte. See the unix(7) man page.*/ + if (strlen(argv[1]) > sizeof(sun.sun_path) - 1) { vty_out(vty, "%% Socket path length exceeds %zd bytes: '%s'%s", - sizeof(sun.sun_path), argv[1], VTY_NEWLINE); + sizeof(sun.sun_path) - 1, argv[1], VTY_NEWLINE); return CMD_WARNING; } diff --git a/src/input/unixsocket.c b/src/input/unixsocket.c index 00e1f9b..bc4b357 100644 --- a/src/input/unixsocket.c +++ b/src/input/unixsocket.c @@ -229,7 +229,7 @@ static void unixsocket_write_msg_lapd_cb(struct msgb *msg, void *cbdata) static int unixsocket_line_update(struct e1inp_line *line) { struct unixsocket_line *config; - char default_sock_path[sizeof(struct sockaddr_un) + 1]; /* see unix(7) man page */ + struct sockaddr_un un; const char *sock_path; int ret = 0; int i; @@ -252,9 +252,17 @@ static int unixsocket_line_update(struct e1inp_line *line) /* Open unix domain socket */ if (line->sock_path == NULL) { - snprintf(default_sock_path, sizeof(default_sock_path), "%s%d", - UNIXSOCKET_SOCK_PATH_DEFAULT, line->num); - sock_path = default_sock_path; + ret = snprintf(un.sun_path, sizeof(un.sun_path), "%s%d", + UNIXSOCKET_SOCK_PATH_DEFAULT, line->num); + if (ret == -1) { + LOGP(DLINP, LOGL_ERROR, "Cannot create default socket path: %s\n", strerror(errno)); + return -errno; + } else if (ret >= sizeof(un.sun_path)) { + LOGP(DLINP, LOGL_ERROR, "Default socket path exceeds %zd bytes: %s%d\n", + sizeof(un.sun_path), UNIXSOCKET_SOCK_PATH_DEFAULT, line->num); + return -ENOSPC; + } + sock_path = un.sun_path; } else sock_path = line->sock_path; ret = osmo_sock_unix_init(SOCK_SEQPACKET, 0, sock_path, |