From 9cf8a3ccd6531c2cf2695b4598c6ceff75ed2dc9 Mon Sep 17 00:00:00 2001
From: Tim Allen
Date: Thu, 7 Apr 2022 21:36:15 +1000
Subject: Check for buffer overflow when constructing the socket path.
---
 src/remote.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src')
diff --git a/src/remote.cc b/src/remote.cc
index 7a8f0d02..63a7fecf 100644
--- a/src/remote.cc
+++ b/src/remote.cc
@@ -614,7 +614,10 @@ static sockaddr_un session_addr(StringView session)
 {
 sockaddr_un addr;
 addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, session_path(session).c_str());
+ String path = session_path(session);
+ if (path.length() + 1 > sizeof addr.sun_path)
+ throw runtime_error{format("socket path too long: '{}'", path)};
+ strcpy(addr.sun_path, path.c_str());
 return addr;
 }

-- 
cgit v1.2.3
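Review bot: `addr` is still declared without an initializer, so the bytes of `sun_path` after the terminator, and any platform-specific members of `sockaddr_un`, are indeterminate when the struct is returned by value. Declaring it as `sockaddr_un addr{};` would make the returned address fully defined. The new bound matches what `strcpy` writes only if `path.length()` counts bytes rather than characters; `String` is a project type not visible in this hunk, so that is worth confirming and recording in a comment such as `// +1: strcpy also writes the terminating NUL`. The function can now throw `runtime_error`, and its callers are outside the hunk, so it is worth checking that each one reports an overlong session name as an ordinary error rather than letting the exception escape.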