From: Jeremy Sowden <jeremy@azazel.net>
To: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [ulogd2 PATCH 14/26] input: UNIXSOCK: fix possible truncation of socket path
Date: Sat, 30 Oct 2021 17:44:20 +0100 [thread overview]
Message-ID: <20211030164432.1140896-15-jeremy@azazel.net> (raw)
In-Reply-To: <20211030164432.1140896-1-jeremy@azazel.net>
Verify that the path is short enough, and replace `strncpy` with `strcpy`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
input/packet/ulogd_inppkt_UNIXSOCK.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/input/packet/ulogd_inppkt_UNIXSOCK.c b/input/packet/ulogd_inppkt_UNIXSOCK.c
index d88609f203c4..af2fbeca1f4c 100644
--- a/input/packet/ulogd_inppkt_UNIXSOCK.c
+++ b/input/packet/ulogd_inppkt_UNIXSOCK.c
@@ -475,10 +475,19 @@ static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_p
static int _create_unix_socket(const char *unix_path)
{
int ret = -1;
- struct sockaddr_un server_sock;
+ struct sockaddr_un server_sock = { .sun_family = AF_UNIX };
int s;
struct stat st_dummy;
+ if (sizeof(server_sock.sun_path) <= strlen(unix_path)) {
+ ulogd_log(ULOGD_ERROR,
+ "ulogd2: unix socket path '%s' too long\n",
+ unix_path);
+ return -1;
+ }
+
+ strcpy(server_sock.sun_path, unix_path);
+
if (stat(unix_path, &st_dummy) == 0 && st_dummy.st_size > 0) {
ulogd_log(ULOGD_ERROR,
"ulogd2: unix socket '%s' already exists\n",
@@ -493,10 +502,6 @@ static int _create_unix_socket(const char *unix_path)
return -1;
}
- server_sock.sun_family = AF_UNIX;
- strncpy(server_sock.sun_path, unix_path, sizeof(server_sock.sun_path));
- server_sock.sun_path[sizeof(server_sock.sun_path)-1] = '\0';
-
ret = bind(s, (struct sockaddr *)&server_sock, sizeof(server_sock));
if (ret < 0) {
ulogd_log(ULOGD_ERROR,
--
2.33.0
next prev parent reply other threads:[~2021-10-30 17:10 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-30 16:44 [ulogd2 PATCH 00/26] Compiler Warning Fixes Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 01/26] include: add format attribute to __ulogd_log declaration Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 02/26] ulog: remove empty log-line Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 03/26] ulog: fix order of log arguments Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 04/26] ulog: correct log specifiers Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 05/26] output: IPFIX: correct format-specifiers Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 06/26] jhash: add "fall through" comments to switch cases Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 07/26] db: add missing `break` to switch-case Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 08/26] filter: HWHDR: replace `switch` with `if` Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 09/26] filter: HWHDR: re-order KEY_RAW_MAC checks Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 10/26] filter: HWHDR: remove zero-initialization of MAC type Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 11/26] Replace malloc+memset with calloc Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 12/26] filter: PWSNIFF: replace malloc+strncpy with strndup Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 13/26] input: UNIXSOCK: stat socket-path first before creating the socket Jeremy Sowden
2021-10-30 17:33 ` Jan Engelhardt
2021-11-06 13:51 ` Jeremy Sowden
2021-10-30 16:44 ` Jeremy Sowden [this message]
2021-10-30 16:44 ` [ulogd2 PATCH 15/26] input: UNIXSOCK: prevent unaligned pointer access Jeremy Sowden
2021-10-30 17:42 ` Jan Engelhardt
2021-11-06 14:13 ` Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 16/26] output: DBI: fix deprecation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 17/26] output: DBI: fix string truncation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 18/26] output: MYSQL: Fix string truncation warning Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 19/26] output: PGSQL: " Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 20/26] output: SQLITE3: Fix string truncation warnings and possible buffer overruns Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 21/26] output: SQLITE3: catch errors creating SQL statement Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 22/26] util: db: fix possible string truncation Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 23/26] output: JSON: fix output of GMT offset Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 24/26] output: JSON: fix printf truncation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 25/26] output: JSON: optimize appending of newline to output Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 26/26] output: JSON: fix possible truncation of socket path Jeremy Sowden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211030164432.1140896-15-jeremy@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).