From 173d7fdbb9965fa1304420a30762831e2702e204 Mon Sep 17 00:00:00 2001
From: Stefan Sperling
Date: Thu, 20 Sep 2018 18:31:36 +0200
Subject: [PATCH] check for overlong unix socket paths
In pcu_l1if_open(), use osmo_strlcpy() instead of strncpy() and check for overflow. This catches overlong and non-NUL-terminated socket paths.
Change-Id: I825190cbb34d052b797e9fb5208884d6f5992839
Related: OS#2673
---
 src/osmobts_sock.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/osmobts_sock.cpp b/src/osmobts_sock.cpp
index 477521dd..6b493473 100644
--- a/src/osmobts_sock.cpp
+++ b/src/osmobts_sock.cpp
@@ -265,8 +265,11 @@ int pcu_l1if_open(void)
 }
 local.sun_family = AF_UNIX;
- strncpy(local.sun_path, bts->pcu_sock_path, sizeof(local.sun_path));
- local.sun_path[sizeof(local.sun_path) - 1] = '\0';
+ if (osmo_strlcpy(local.sun_path, bts->pcu_sock_path, sizeof(local.sun_path)) >= sizeof(local.sun_path)) {
+ LOGP(DLGLOBAL, LOGL_ERROR, "Socket path exceeds maximum length of %zd bytes: %s\n",
+ sizeof(local.sun_path), bts->pcu_sock_path);
+ return -ENOSPC;
+ }
 /* we use the same magic that X11 uses in Xtranssock.c for
  * calculating the proper length of the sockaddr */
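Review bot: The new LOGP call prints `sizeof(local.sun_path)` with `%zd`, but `sizeof` yields a `size_t`, so the conversion should be `%zu`: `"Socket path exceeds maximum length of %zu bytes: %s\n"`. Separately, the added `return -ENOSPC;` leaves pcu_l1if_open() without any cleanup. The function body starts and ends outside this hunk, so if a socket descriptor or state object was acquired earlier, this path should release it the same way the other error returns do; worth confirming against the full function. A short comment above the check, such as `/* osmo_strlcpy() returns strlen(src); >= sizeof(dst) means the path was truncated */`, would make the comparison easier to follow.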