From 8cb5fba90e0c602922bd2497f2d5ea3946eac172 Mon Sep 17 00:00:00 2001
From: Michal Kubecek <mkubecek@suse.cz>
Date: Mon, 15 Jul 2019 08:46:23 +0200
Subject: [PATCH] conntrackd: use correct max unix path length
When copying value of "Path" option for unix socket, target buffer size is
UNIX_MAX_PATH so that we must not copy more bytes than that. Also make sure
that the path is null terminated and bail out if user provided path is too
long rather than silently truncate it.
Fixes: ce06fb606906 ("conntrackd: use strncpy() to unix path")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit b47e00e8a579519b163cb4faed017463bf64c40d)
---
src/read_config_yy.y | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index ceba6fc0d2426..4311cd6c9a2f5 100644
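--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -689,8 +689,13 @@ unix_options:
 
 unix_option : T_PATH T_PATH_VAL
 {
- strncpy(conf.local.path, $2, PATH_MAX);
+ strncpy(conf.local.path, $2, UNIX_PATH_MAX);
 free($2);
+ if (conf.local.path[UNIX_PATH_MAX - 1]) {
+ dlog(LOG_ERR, "UNIX Path is longer than %u characters",
+ UNIX_PATH_MAX - 1);
+ exit(EXIT_FAILURE);
+ }
 };
 
 unix_option : T_BACKLOG T_NUMBER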
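Review bot: The overflow test `if (conf.local.path[UNIX_PATH_MAX - 1])` in the T_PATH action is correct only because strncpy() zero-pads a short source up to the full count, and nothing in the code says so. A later switch to snprintf() or another copy routine would silently break the check. Either add a comment such as `/* strncpy() zero-pads: a non-NUL last byte means $2 did not fit */`, or test the length before copying with `if (strlen($2) >= UNIX_PATH_MAX) { ... }`, so an unterminated path is never written to conf.local.path at all. The dlog() call also passes `UNIX_PATH_MAX - 1` to `%u`; if the macro is a plain integer constant (its definition is not in this hunk) the argument is an int, so `%d` or a cast to unsigned would match the format.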
--
2.34.1