[lxc-devel] make lxc_af_unix_open() safely return error on long pathnames
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Apr 22 15:41:08 UTC 2013
Quoting Dwight Engen (dwight.engen at oracle.com):
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Thanks.
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/af_unix.c | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
> index eff13d4..45fe128 100644
> --- a/src/lxc/af_unix.c
> +++ b/src/lxc/af_unix.c
> @@ -36,6 +36,7 @@ lxc_log_define(lxc_af_unix, lxc);
> int lxc_af_unix_open(const char *path, int type, int flags)
> {
> int fd;
> + size_t len;
> struct sockaddr_un addr;
>
> if (flags & O_TRUNC)
> @@ -52,8 +53,16 @@ int lxc_af_unix_open(const char *path, int type, int flags)
>
> addr.sun_family = AF_UNIX;
> /* copy entire buffer in case of abstract socket */
> - memcpy(addr.sun_path, path,
> - path[0]?strlen(path):sizeof(addr.sun_path));
> + len = sizeof(addr.sun_path);
> + if (path[0]) {
> + len = strlen(path);
> + if (len >= sizeof(addr.sun_path)) {
> + close(fd);
> + errno = ENAMETOOLONG;
> + return -1;
> + }
> + }
> + memcpy(addr.sun_path, path, len);
>
> if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
> int tmp = errno;
> @@ -61,7 +70,7 @@ int lxc_af_unix_open(const char *path, int type, int flags)
> errno = tmp;
> return -1;
> }
> -
> +
> if (type == SOCK_STREAM && listen(fd, 100)) {
> int tmp = errno;
> close(fd);
> @@ -76,7 +85,7 @@ int lxc_af_unix_close(int fd)
> {
> struct sockaddr_un addr;
> socklen_t addrlen = sizeof(addr);
> -
> +
> if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
> addr.sun_path[0])
> unlink(addr.sun_path);
> --
> 1.8.1.4
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
More information about the lxc-devel
mailing list