From 937ae00b413b46f84aa77b5ca0dae38ed2b3415a Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 31 Aug 2022 13:00:52 +0200
Subject: [PATCH] local: Avoid sockaddr_un::sun_path buffer overflow

The array's size in struct sockaddr_un is only UNIX_PATH_MAX and
according to unix(7), it should hold a null-terminated string. So adjust
config reader to reject paths of length UNIX_PATH_MAX and above and
adjust the internal arrays to aid the compiler.

Fixes: f196de88cdd97 ("src: fix strncpy -Wstringop-truncation warnings")
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 96980c548d3a1aeb07ab6aaef45389efb058a69a)
---
 include/local.h      | 4 ++--
 src/read_config_yy.y | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/local.h b/include/local.h
index 9379446732eed..22859d7ab60aa 100644
--- a/include/local.h
+++ b/include/local.h
@@ -7,12 +7,12 @@
 
 struct local_conf {
 	int reuseaddr;
-	char path[UNIX_PATH_MAX + 1];
+	char path[UNIX_PATH_MAX];
 };
 
 struct local_server {
 	int fd;
-	char path[UNIX_PATH_MAX + 1];
+	char path[UNIX_PATH_MAX];
 };
 
 /* callback return values */
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 401a1575014d0..d208a6a0617cf 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -699,12 +699,12 @@ unix_options:
 
 unix_option : T_PATH T_PATH_VAL
 {
-	if (strlen($2) > UNIX_PATH_MAX) {
+	if (strlen($2) >= UNIX_PATH_MAX) {
 		dlog(LOG_ERR, "Path is longer than %u characters",
-		     UNIX_PATH_MAX);
+		     UNIX_PATH_MAX - 1);
 		exit(EXIT_FAILURE);
 	}
-	snprintf(conf.local.path, sizeof(conf.local.path), "%s", $2);
+	strcpy(conf.local.path, $2);
 	free($2);
 };
 
-- 
2.34.1