Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / CESNET / libnetconf2 / 93e96f1c4883bc619456aa7ee5e20437b5924576^! / .
commit93e96f1c4883bc619456aa7ee5e20437b5924576[log] [tgz]
authorMichal Vasko <mvasko@cesnet.cz>Thu Sep 30 10:02:09 2021 +0200
committerMichal Vasko <mvasko@cesnet.cz>Thu Sep 30 10:02:09 2021 +0200
treee3ef71b84e4d8bd67a6e31daa1b2d0c44759253c
parent86f8ed3046e9d5a3ccc49060af55f633784e47a9 [diff]
session server BUGFIX check UNIX socket length

diff --git a/src/session_server.c b/src/session_server.c
index 4ece29c..74b0851 100644
--- a/src/session_server.c
+++ b/src/session_server.c

@@ -285,6 +285,11 @@
     struct sockaddr_un sun;
     int sock = -1;
 
+    if (strlen(address) > sizeof(sun.sun_path) - 1) {
+        ERR(NULL, "Socket path \"%s\" is longer than maximum length %d.", address, (int)(sizeof(sun.sun_path) - 1));
+        goto fail;
+    }
+
     sock = socket(AF_UNIX, SOCK_STREAM, 0);
     if (sock == -1) {
         ERR(NULL, "Failed to create socket (%s).", strerror(errno));
@@ -293,7 +298,7 @@
 
     memset(&sun, 0, sizeof(sun));
     sun.sun_family = AF_UNIX;
-    snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", address);
+    snprintf(sun.sun_path, sizeof(sun.sun_path) - 1, "%s", address);
 
     unlink(sun.sun_path);
     if (bind(sock, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
@@ -326,7 +331,6 @@
     if (sock > -1) {
         close(sock);
     }
-
     return -1;
 }