From 937ae00b413b46f84aa77b5ca0dae38ed2b3415a Mon Sep 17 00:00:00 2001

From: Phil Sutter <phil@nwl.cc>

Date: Wed, 31 Aug 2022 13:00:52 +0200

Subject: [PATCH] local: Avoid sockaddr_un::sun_path buffer overflow

The array's size in struct sockaddr_un is only UNIX_PATH_MAX and

according to unix(7), it should hold a null-terminated string. So adjust

config reader to reject paths of length UNIX_PATH_MAX and above and

adjust the internal arrays to aid the compiler.

Fixes: f196de88cdd97 ("src: fix strncpy -Wstringop-truncation warnings")

Signed-off-by: Phil Sutter <phil@nwl.cc>

(cherry picked from commit 96980c548d3a1aeb07ab6aaef45389efb058a69a)

---

 include/local.h      | 4 ++--

 src/read_config_yy.y | 6 +++---

 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/local.h b/include/local.h

index 9379446732eed..22859d7ab60aa 100644

--- a/include/local.h

+++ b/include/local.h

@@ -7,12 +7,12 @@

 struct local_conf {

 	int reuseaddr;

-	char path[UNIX_PATH_MAX + 1];

+	char path[UNIX_PATH_MAX];

 };

 struct local_server {

 	int fd;

-	char path[UNIX_PATH_MAX + 1];

+	char path[UNIX_PATH_MAX];

 };

 /* callback return values */

diff --git a/src/read_config_yy.y b/src/read_config_yy.y

index 401a1575014d0..d208a6a0617cf 100644

--- a/src/read_config_yy.y

+++ b/src/read_config_yy.y

@@ -699,12 +699,12 @@ unix_options:

 unix_option : T_PATH T_PATH_VAL

 {

-	if (strlen($2) > UNIX_PATH_MAX) {

+	if (strlen($2) >= UNIX_PATH_MAX) {

 		dlog(LOG_ERR, "Path is longer than %u characters",

-		     UNIX_PATH_MAX);

+		     UNIX_PATH_MAX - 1);

 		exit(EXIT_FAILURE);

 	}

-	snprintf(conf.local.path, sizeof(conf.local.path), "%s", $2);

+	strcpy(conf.local.path, $2);

 	free($2);

 };

-- 

2.34.1