This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgHarald Welte has submitted this change and it was merged. ( https://gerrit.osmocom.org/11045 ) Change subject: ensure unix socket paths are NUL-terminated for bind/connect ...................................................................... ensure unix socket paths are NUL-terminated for bind/connect The unix(7) man page recommends that sun_path is NUL-terminated when struct sockaddr_un is passed to a bind() or connect() call. Non-NUL-terminated paths only need to be dealt with at the receiving end of a UNIX domain socket. Commit b24efa5 erroneously assumed otherwise. Change-Id: I9beecfa500db75cb679b1edcc352c893bf098b13 Fixes: b24efa551dc91e177c5cb8da674e9f8432d52dc9 Related: OS#2673 --- M src/e1_input_vty.c M src/input/unixsocket.c 2 files changed, 15 insertions(+), 7 deletions(-) Approvals: Jenkins Builder: Verified Harald Welte: Looks good to me, approved diff --git a/src/e1_input_vty.c b/src/e1_input_vty.c index 653c573..d81c859 100644 --- a/src/e1_input_vty.c +++ b/src/e1_input_vty.c @@ -101,10 +101,10 @@ int e1_nr = atoi(argv[0]); struct sockaddr_un sun; - /* Don't exceed the maximum unix socket path length. See the unix(7) man page.*/ - if (strlen(argv[1]) > sizeof(sun.sun_path)) { + /* Don't exceed the maximum unix socket path length, including a NUL byte. See the unix(7) man page.*/ + if (strlen(argv[1]) > sizeof(sun.sun_path) - 1) { vty_out(vty, "%% Socket path length exceeds %zd bytes: '%s'%s", - sizeof(sun.sun_path), argv[1], VTY_NEWLINE); + sizeof(sun.sun_path) - 1, argv[1], VTY_NEWLINE); return CMD_WARNING; } diff --git a/src/input/unixsocket.c b/src/input/unixsocket.c index 00e1f9b..bc4b357 100644 --- a/src/input/unixsocket.c +++ b/src/input/unixsocket.c @@ -229,7 +229,7 @@ static int unixsocket_line_update(struct e1inp_line *line) { struct unixsocket_line *config; - char default_sock_path[sizeof(struct sockaddr_un) + 1]; /* see unix(7) man page */ + struct sockaddr_un un; const char *sock_path; int ret = 0; int i; @@ -252,9 +252,17 @@ /* Open unix domain socket */ if (line->sock_path == NULL) { - snprintf(default_sock_path, sizeof(default_sock_path), "%s%d", - UNIXSOCKET_SOCK_PATH_DEFAULT, line->num); - sock_path = default_sock_path; + ret = snprintf(un.sun_path, sizeof(un.sun_path), "%s%d", + UNIXSOCKET_SOCK_PATH_DEFAULT, line->num); + if (ret == -1) { + LOGP(DLINP, LOGL_ERROR, "Cannot create default socket path: %s\n", strerror(errno)); + return -errno; + } else if (ret >= sizeof(un.sun_path)) { + LOGP(DLINP, LOGL_ERROR, "Default socket path exceeds %zd bytes: %s%d\n", + sizeof(un.sun_path), UNIXSOCKET_SOCK_PATH_DEFAULT, line->num); + return -ENOSPC; + } + sock_path = un.sun_path; } else sock_path = line->sock_path; ret = osmo_sock_unix_init(SOCK_SEQPACKET, 0, sock_path, -- To view, visit https://gerrit.osmocom.org/11045 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmo-abis Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I9beecfa500db75cb679b1edcc352c893bf098b13 Gerrit-Change-Number: 11045 Gerrit-PatchSet: 1 Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Jenkins Builder (1000002) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180926/5e5bebf5/attachment.htm>