[lxc-devel] make lxc_af_unix_open() safely return error on long pathnames

Dwight Engen dwight.engen at oracle.com
Mon Apr 22 15:16:57 UTC 2013


Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
---
 src/lxc/af_unix.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index eff13d4..45fe128 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -36,6 +36,7 @@ lxc_log_define(lxc_af_unix, lxc);
 int lxc_af_unix_open(const char *path, int type, int flags)
 {
 	int fd;
+	size_t len;
 	struct sockaddr_un addr;
 
 	if (flags & O_TRUNC)
@@ -52,8 +53,16 @@ int lxc_af_unix_open(const char *path, int type, int flags)
 
 	addr.sun_family = AF_UNIX;
 	/* copy entire buffer in case of abstract socket */
-	memcpy(addr.sun_path, path,
-	       path[0]?strlen(path):sizeof(addr.sun_path));
+	len = sizeof(addr.sun_path);
+	if (path[0]) {
+		len = strlen(path);
+		if (len >= sizeof(addr.sun_path)) {
+			close(fd);
+			errno = ENAMETOOLONG;
+			return -1;
+		}
+	}
+	memcpy(addr.sun_path, path, len);
 
 	if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
 		int tmp = errno;
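Review bot: The abstract-socket branch (`path[0] == 0`) still copies `sizeof(addr.sun_path)` bytes from `path` in the final `memcpy`, so a caller that passes a shorter buffer causes a read past its end; the new length check covers only the pathname branch. No caller is visible here, so this may already hold by convention, but the requirement should be stated at the copy, e.g. extend the existing comment to `/* abstract socket: path must point to at least sizeof(addr.sun_path) bytes */`. In the pathname branch the copy omits the terminating NUL, so termination relies on `addr` having been zeroed earlier in the function, which is outside this hunk and worth confirming. The body of lxc_af_unix_open starts and ends outside the hunk.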
@@ -61,7 +70,7 @@ int lxc_af_unix_open(const char *path, int type, int flags)
 		errno = tmp;
 		return -1;
 	}
-	
+
 	if (type == SOCK_STREAM && listen(fd, 100)) {
 		int tmp = errno;
 		close(fd);
@@ -76,7 +85,7 @@ int lxc_af_unix_close(int fd)
 {
 	struct sockaddr_un addr;
 	socklen_t addrlen = sizeof(addr);
-	
+
 	if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
 	    addr.sun_path[0])
 		unlink(addr.sun_path);
-- 
1.8.1.4




