mwtkrayer
/
dtach
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Prevent buffer overflow with a long socket path name. 

The code wasn't checking for overflow before copying the socket path
name to to the sun_path field, which is usually much smaller than
PATH_MAX.

Report and initial patch by Paul Wilkinson.
This commit is contained in:
Ned T. Crigler 2014-08-04 12:40:20 -07:00
parent fc78d94e7f
commit a51207bf47
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
attach.c
View File

@ -52,6 +52,12 @@ connect_socket(char *name)
int s;
struct sockaddr_un sockun;
if (strlen(name) > sizeof(sockun.sun_path) - 1)
{
errno = ENAMETOOLONG;
return -1;
}
s = socket(PF_UNIX, SOCK_STREAM, 0);
if (s < 0)
return -1;

6
master.c
View File

@ -185,6 +185,12 @@ create_socket(char *name)
int s;
struct sockaddr_un sockun;
if (strlen(name) > sizeof(sockun.sun_path) - 1)
{
errno = ENAMETOOLONG;
return -1;
}
s = socket(PF_UNIX, SOCK_STREAM, 0);
if (s < 0)
return -1;