diff options
author | Michal Kubecek <mkubecek@suse.cz> | 2019-07-15 08:46:23 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-15 10:10:14 +0200 |
commit | b47e00e8a579519b163cb4faed017463bf64c40d (patch) | |
tree | 0d8fa9ff27705e050cbd99271b01f7be2b654c1a /src/read_config_yy.y | |
parent | c12fa8df76752b0a011430f069677b52e4dad164 (diff) |
conntrackd: use correct max unix path length
When copying value of "Path" option for unix socket, target buffer size is
UNIX_MAX_PATH so that we must not copy more bytes than that. Also make sure
that the path is null terminated and bail out if user provided path is too
long rather than silently truncate it.
Fixes: ce06fb606906 ("conntrackd: use strncpy() to unix path")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/read_config_yy.y')
-rw-r--r-- | src/read_config_yy.y | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/read_config_yy.y b/src/read_config_yy.y index ceba6fc..4311cd6 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -689,8 +689,13 @@ unix_options: unix_option : T_PATH T_PATH_VAL { - strncpy(conf.local.path, $2, PATH_MAX); + strncpy(conf.local.path, $2, UNIX_PATH_MAX); free($2); + if (conf.local.path[UNIX_PATH_MAX - 1]) { + dlog(LOG_ERR, "UNIX Path is longer than %u characters", + UNIX_PATH_MAX - 1); + exit(EXIT_FAILURE); + } }; unix_option : T_BACKLOG T_NUMBER |