diff options
author | Stefan Sperling <ssperling@sysmocom.de> | 2018-09-20 18:31:36 +0200 |
---|---|---|
committer | Stefan Sperling <ssperling@sysmocom.de> | 2018-09-20 18:31:36 +0200 |
commit | 173d7fdbb9965fa1304420a30762831e2702e204 (patch) | |
tree | d1c181b431922fe9e0c85b40695796d94cff2c46 | |
parent | 076122f5926ffd85d1639f51a6ab3da080a2276b (diff) |
check for overlong unix socket paths
In pcu_l1if_open(), use osmo_strlcpy() instead of strncpy() and check for
overflow. This catches overlong and non-NUL-terminated socket paths.
Change-Id: I825190cbb34d052b797e9fb5208884d6f5992839
Related: OS#2673
-rw-r--r-- | src/osmobts_sock.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/osmobts_sock.cpp b/src/osmobts_sock.cpp index 477521dd..6b493473 100644 --- a/src/osmobts_sock.cpp +++ b/src/osmobts_sock.cpp @@ -265,8 +265,11 @@ int pcu_l1if_open(void) } local.sun_family = AF_UNIX; - strncpy(local.sun_path, bts->pcu_sock_path, sizeof(local.sun_path)); - local.sun_path[sizeof(local.sun_path) - 1] = '\0'; + if (osmo_strlcpy(local.sun_path, bts->pcu_sock_path, sizeof(local.sun_path)) >= sizeof(local.sun_path)) { + LOGP(DLGLOBAL, LOGL_ERROR, "Socket path exceeds maximum length of %zd bytes: %s\n", + sizeof(local.sun_path), bts->pcu_sock_path); + return -ENOSPC; + } /* we use the same magic that X11 uses in Xtranssock.c for * calculating the proper length of the sockaddr */ |