aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Sperling <ssperling@sysmocom.de>2018-09-20 18:31:36 +0200
committerStefan Sperling <ssperling@sysmocom.de>2018-09-20 18:31:36 +0200
commit173d7fdbb9965fa1304420a30762831e2702e204 (patch)
treed1c181b431922fe9e0c85b40695796d94cff2c46
parent076122f5926ffd85d1639f51a6ab3da080a2276b (diff)
check for overlong unix socket paths
In pcu_l1if_open(), use osmo_strlcpy() instead of strncpy() and check for overflow. This catches overlong and non-NUL-terminated socket paths. Change-Id: I825190cbb34d052b797e9fb5208884d6f5992839 Related: OS#2673
-rw-r--r--src/osmobts_sock.cpp7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/osmobts_sock.cpp b/src/osmobts_sock.cpp
index 477521dd..6b493473 100644
--- a/src/osmobts_sock.cpp
+++ b/src/osmobts_sock.cpp
@@ -265,8 +265,11 @@ int pcu_l1if_open(void)
}
local.sun_family = AF_UNIX;
- strncpy(local.sun_path, bts->pcu_sock_path, sizeof(local.sun_path));
- local.sun_path[sizeof(local.sun_path) - 1] = '\0';
+ if (osmo_strlcpy(local.sun_path, bts->pcu_sock_path, sizeof(local.sun_path)) >= sizeof(local.sun_path)) {
+ LOGP(DLGLOBAL, LOGL_ERROR, "Socket path exceeds maximum length of %zd bytes: %s\n",
+ sizeof(local.sun_path), bts->pcu_sock_path);
+ return -ENOSPC;
+ }
/* we use the same magic that X11 uses in Xtranssock.c for
* calculating the proper length of the sockaddr */