Prevent buffer overflow with a long socket path name.

The code wasn't checking for overflow before copying the socket path name to to the sun_path field, which is usually much smaller than PATH_MAX. Report and initial patch by Paul Wilkinson.
author: Ned T. Crigler <crigler@users.sourceforge.net> 2014-08-04 12:40:20 -0700
committer: Ned T. Crigler <crigler@users.sourceforge.net> 2014-08-04 13:00:19 -0700
commit: a51207bf473193016e38814ceea27335f517cb16 (patch)
tree: b867ec20d89eac949aaf8c63ae8209119a26df12 /attach.c
parent: fc78d94e7f1b810b56d25fd25ae7ef6b076d6ab8 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/attach.c b/attach.c
index 8137130..a4ae626 100644
--- a/attach.c
+++ b/attach.c
@@ -52,6 +52,12 @@ connect_socket(char *name)
 	int s;
 	struct sockaddr_un sockun;
 
+	if (strlen(name) > sizeof(sockun.sun_path) - 1)
+	{
+		errno = ENAMETOOLONG;
+		return -1;
+	}
+
 	s = socket(PF_UNIX, SOCK_STREAM, 0);
 	if (s < 0)
 		return -1;
author	Ned T. Crigler <crigler@users.sourceforge.net>	2014-08-04 12:40:20 -0700
committer	Ned T. Crigler <crigler@users.sourceforge.net>	2014-08-04 13:00:19 -0700
commit	a51207bf473193016e38814ceea27335f517cb16 (patch)
tree	b867ec20d89eac949aaf8c63ae8209119a26df12 /attach.c
parent	fc78d94e7f1b810b56d25fd25ae7ef6b076d6ab8 (diff)