| Message ID | 1473910743-26204-1-git-send-email-blp@ovn.org |
|---|---|
| State | Accepted |
| Headers | show |
On Wed, Sep 14, 2016 at 08:39:03PM -0700, Ben Pfaff wrote: > If the socket length does not include any of the bytes of the path, then > the code should not read even the first byte of the path. > > Found by valgrind. > > CC: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> > Reported-by: Joe Stringer <joe@ovn.org> > Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> > --- > lib/socket-util-unix.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/socket-util-unix.c b/lib/socket-util-unix.c > index 5d4b88c..59f63fc 100644 > --- a/lib/socket-util-unix.c > +++ b/lib/socket-util-unix.c > @@ -1,5 +1,5 @@ > /* > - * Copyright (c) 2014 Nicira, Inc. > + * Copyright (c) 2014, 2016 Nicira, Inc. > * > * Licensed under the Apache License, Version 2.0 (the "License"); > * you may not use this file except in compliance with the License. > @@ -389,7 +389,7 @@ error: > int > get_unix_name_len(const struct sockaddr_un *sun, socklen_t sun_len) > { > - return (sun_len >= offsetof(struct sockaddr_un, sun_path) && > + return (sun_len > offsetof(struct sockaddr_un, sun_path) && > sun->sun_path[0] != 0 > ? sun_len - offsetof(struct sockaddr_un, sun_path) > : 0); > -- > 2.1.3 >
On 14 September 2016 at 20:39, Ben Pfaff <blp@ovn.org> wrote: > If the socket length does not include any of the bytes of the path, then > the code should not read even the first byte of the path. > > Found by valgrind. > > CC: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> > Reported-by: Joe Stringer <joe@ovn.org> > Signed-off-by: Ben Pfaff <blp@ovn.org> Thanks. Acked-by: Joe Stringer <joe@ovn.org>
On Thu, Sep 15, 2016 at 10:27:09AM -0700, Joe Stringer wrote: > On 14 September 2016 at 20:39, Ben Pfaff <blp@ovn.org> wrote: > > If the socket length does not include any of the bytes of the path, then > > the code should not read even the first byte of the path. > > > > Found by valgrind. > > > > CC: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> > > Reported-by: Joe Stringer <joe@ovn.org> > > Signed-off-by: Ben Pfaff <blp@ovn.org> > > Thanks. > > Acked-by: Joe Stringer <joe@ovn.org> Thanks Joe and Thadeu, I applied this to master and branch-2.6.
diff --git a/lib/socket-util-unix.c b/lib/socket-util-unix.c index 5d4b88c..59f63fc 100644 --- a/lib/socket-util-unix.c +++ b/lib/socket-util-unix.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Nicira, Inc. + * Copyright (c) 2014, 2016 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -389,7 +389,7 @@ error: int get_unix_name_len(const struct sockaddr_un *sun, socklen_t sun_len) { - return (sun_len >= offsetof(struct sockaddr_un, sun_path) && + return (sun_len > offsetof(struct sockaddr_un, sun_path) && sun->sun_path[0] != 0 ? sun_len - offsetof(struct sockaddr_un, sun_path) : 0);
If the socket length does not include any of the bytes of the path, then the code should not read even the first byte of the path. Found by valgrind. CC: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Reported-by: Joe Stringer <joe@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org> --- lib/socket-util-unix.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)