From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH ulogd2 1/2] output: JSON: fix possible truncation of socket path
Date: Mon,  3 Jan 2022 19:11:37 +0100	[thread overview]
Message-ID: <20220103181138.101880-1-pablo@netfilter.org> (raw)

Verify that the path is shorter than 108 bytes (maximum unix socket path).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 output/ulogd_output_JSON.c | 48 +++++++++++++++++++++++++++++++-------
 1 file changed, 39 insertions(+), 9 deletions(-)

diff --git a/output/ulogd_output_JSON.c b/output/ulogd_output_JSON.c
index 913dfb84c8e7..83ad03efa145 100644
--- a/output/ulogd_output_JSON.c
+++ b/output/ulogd_output_JSON.c
@@ -33,6 +33,10 @@
 #include <ulogd/conffile.h>
 #include <jansson.h>
 
+#ifndef UNIX_PATH_MAX
+#define UNIX_PATH_MAX 108
+#endif
+
 #ifndef ULOGD_JSON_DEFAULT
 #define ULOGD_JSON_DEFAULT	"/var/log/ulogd.json"
 #endif
@@ -146,23 +150,21 @@ static void close_socket(struct json_priv *op) {
 
 static int _connect_socket_unix(struct ulogd_pluginstance *pi)
 {
+	const char *socket_path = file_ce(pi->config_kset).u.string;
 	struct json_priv *op = (struct json_priv *) &pi->private;
-	struct sockaddr_un u_addr;
+	struct sockaddr_un u_addr = { .sun_family = AF_UNIX };
 	int sfd;
 
 	close_socket(op);
 
-	ulogd_log(ULOGD_DEBUG, "connecting to unix:%s\n",
-		  file_ce(pi->config_kset).u.string);
+	ulogd_log(ULOGD_DEBUG, "connecting to unix:%s\n", socket_path);
+	strcpy(u_addr.sun_path, socket_path);
 
 	sfd = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (sfd == -1) {
+	if (sfd == -1)
 		return -1;
-	}
-	u_addr.sun_family = AF_UNIX;
-	strncpy(u_addr.sun_path, file_ce(pi->config_kset).u.string,
-		sizeof(u_addr.sun_path) - 1);
-	if (connect(sfd, (struct sockaddr *) &u_addr, sizeof(struct sockaddr_un)) == -1) {
+
+	if (connect(sfd, (struct sockaddr *) &u_addr, sizeof(u_addr)) == -1) {
 		close(sfd);
 		return -1;
 	}
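Review bot: The `strcpy(u_addr.sun_path, socket_path)` added in `_connect_socket_unix()` has no bound of its own, whereas the `strncpy()` it replaces was bounded by the destination size. It is safe only if every path into this function has first passed `validate_unix_socket()`, and only if `UNIX_PATH_MAX` (the literal 108 from the first hunk) is never larger than `sizeof(u_addr.sun_path)`. This diff shows the validation in `json_init_socket()` and `reopen_socket()`; any caller of `_connect_socket()` outside these hunks would copy an unchecked configuration string into a fixed-size stack buffer. A local guard tied to the real buffer keeps the copy self-contained: `if (strlen(socket_path) >= sizeof(u_addr.sun_path)) return -1;` placed before the `strcpy()`. The function body continues past the end of this hunk.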
@@ -430,9 +432,33 @@ static void reopen_file(struct ulogd_pluginstance *upi)
 	}
 }
 
+static int validate_unix_socket(struct ulogd_pluginstance *upi)
+{
+	const char *socket_path = file_ce(upi->config_kset).u.string;
+
+	if (!socket_path[0]) {
+		ulogd_log(ULOGD_ERROR, "missing unix socket path");
+		return -1;
+	}
+	if (strlen(socket_path) >= UNIX_PATH_MAX) {
+		ulogd_log(ULOGD_ERROR, "unix socket path `%s' is longer than %u\n",
+			  file_ce(upi->config_kset).u.string, UNIX_PATH_MAX);
+		return -1;
+	}
+
+	return 0;
+}
+
 static void reopen_socket(struct ulogd_pluginstance *upi)
 {
+	struct json_priv *op = (struct json_priv *) &upi->private;
+
 	ulogd_log(ULOGD_NOTICE, "JSON: reopening socket\n");
+
+	if (op->mode == JSON_MODE_UNIX &&
+	    validate_unix_socket(upi) < 0)
+		return;
+
 	if (_connect_socket(upi) < 0) {
 		ulogd_log(ULOGD_ERROR, "can't open JSON "
 				       "socket: %s\n",
@@ -510,6 +536,10 @@ static int json_init_socket(struct ulogd_pluginstance *upi)
 	if (port_ce(upi->config_kset).u.string == NULL)
 		return -1;
 
+	if (op->mode == JSON_MODE_UNIX &&
+	    validate_unix_socket(upi) < 0)
+		return -1;
+
 	op->sock = -1;
 	return _connect_socket(upi);
 }
-- 
2.30.2

