diff options
author | Andrew Bartlett <abartlet@samba.org> | 2019-10-18 21:11:13 +1300 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-10-18 16:07:35 +0000 |
commit | 9a02c31deb1a295a5cf403aba378057dfcd44268 (patch) | |
tree | 83cbc50fbe75c77441350000e7097063fc9c78ff /source3/lib | |
parent | 8e55a8562951924e4b1aad5a6d67fc8b309590c1 (diff) | |
download | samba-9a02c31deb1a295a5cf403aba378057dfcd44268.tar.gz |
lib: Explicitly refuse to truncate unix domain socket paths
This avoids creating a socket like:
.../winbindd_privileged/p
instead of
.../winbindd_privileged/pipe
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_sock.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index c97babeebe3..8fd2f7fa315 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1095,6 +1095,7 @@ int create_pipe_sock(const char *socket_dir, int sock = -1; mode_t old_umask; char *path = NULL; + size_t path_len; old_umask = umask(0); @@ -1121,7 +1122,17 @@ int create_pipe_sock(const char *socket_dir, unlink(path); memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; - strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)); + + path_len = strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)); + if (path_len > sizeof(sunaddr.sun_path)) { + DBG_ERR("Refusing to attempt to create pipe socket " + "%s. Path is longer than permitted for a " + "unix domain socket. It would truncate to " + "%s\n", + path, + sunaddr.sun_path); + goto out_close; + } if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { DEBUG(0, ("bind failed on pipe socket %s: %s\n", path, |