From 96980c548d3a1aeb07ab6aaef45389efb058a69a Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 31 Aug 2022 13:00:52 +0200
Subject: local: Avoid sockaddr_un::sun_path buffer overflow

The array's size in struct sockaddr_un is only UNIX_PATH_MAX and according to unix(7), it should hold a null-terminated string. So adjust config reader to reject paths of length UNIX_PATH_MAX and above and adjust the internal arrays to aid the compiler.

Fixes: f196de88cdd97 ("src: fix strncpy -Wstringop-truncation warnings")
Signed-off-by: Phil Sutter
---
 include/local.h | 4 ++--
 src/read_config_yy.y | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/local.h b/include/local.h
index 9379446..22859d7 100644
--- a/include/local.h
+++ b/include/local.h
@@ -7,12 +7,12 @@
 struct local_conf {
 int reuseaddr;
- char path[UNIX_PATH_MAX + 1];
+ char path[UNIX_PATH_MAX];
 };
 struct local_server {
 int fd;
- char path[UNIX_PATH_MAX + 1];
+ char path[UNIX_PATH_MAX];
 };
 /* callback return values */
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 5815d6a..a2154be 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -699,12 +699,12 @@ unix_options:
 unix_option : T_PATH T_PATH_VAL {
- if (strlen($2) > UNIX_PATH_MAX) {
+ if (strlen($2) >= UNIX_PATH_MAX) {
 dlog(LOG_ERR, "Path is longer than %u characters",
- UNIX_PATH_MAX);
+ UNIX_PATH_MAX - 1);
 exit(EXIT_FAILURE);
 }
- snprintf(conf.local.path, sizeof(conf.local.path), "%s", $2);
+ strcpy(conf.local.path, $2);
 free($2);
 };
--
cgit v1.2.3
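Review bot: Nothing in include/local.h ties the new `char path[UNIX_PATH_MAX]` size to the buffer it is eventually copied into, `sockaddr_un::sun_path`; the relationship is stated only in the commit message. If `UNIX_PATH_MAX` is a project-side definition (not visible in this hunk) and the build allows C11, a compile-time check such as `_Static_assert(sizeof(((struct sockaddr_un *)0)->sun_path) >= UNIX_PATH_MAX, "path must fit sun_path");` would stop the two from drifting apart. A comment on both fields, `/* NUL-terminated, at most UNIX_PATH_MAX - 1 characters */`, would record the contract the config parser now enforces. Any other writer to these arrays that still assumes the old `UNIX_PATH_MAX + 1` size should be checked, since the arrays shrank by one byte.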
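Review bot: The new `strcpy(conf.local.path, $2);` is bounded only by the length check a few lines above it, and that check compares against the macro `UNIX_PATH_MAX` rather than the destination buffer. Writing the guard as `if (strlen($2) >= sizeof(conf.local.path)) {` ties the bound to the array itself, so a later size change in include/local.h cannot silently turn the copy into an overflow. The log call would then pass `sizeof(conf.local.path) - 1` with a `%zu` conversion. A one-line comment above the `strcpy`, for example `/* length checked above: $2 plus its NUL fits conf.local.path */`, would make that dependency visible to the next editor.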