util: fix abstract socket path copy

Commit 776b97d360 "qemu-sockets: add abstract UNIX domain socket support" neglected to update socket_sockaddr_to_address_unix() and copied the whole sun_path without taking "salen" into account. Later, commit 3b14b4ec49 "sockets: Fix socket_sockaddr_to_address_unix() for abstract sockets" handled the abstract UNIX path, by stripping the leading \0 character and fixing address details, but didn't use salen either. Not taking "salen" into account may result in incorrect "path" being returned in monitors commands, as we read past the address which is not necessarily \0-terminated. Fixes: 776b97d360 Fixes: 3b14b4ec49 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: xiaoqiang zhao <zxq_yx_007@163.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-07-19 16:54:17 +04:00 · 2021-07-19 16:54:17 +04:00 · 4cfd970ec1
parent bccabb3a5d
commit 4cfd970ec1
1 changed files with 4 additions and 1 deletions
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@ -1345,13 +1345,16 @@ socket_sockaddr_to_address_unix(struct sockaddr_storage *sa,
    SocketAddress *addr;
    struct sockaddr_un *su = (struct sockaddr_un *)sa;

+    assert(salen >= sizeof(su->sun_family) + 1 &&
+           salen <= sizeof(struct sockaddr_un));
+
    addr = g_new0(SocketAddress, 1);
    addr->type = SOCKET_ADDRESS_TYPE_UNIX;
 #ifdef CONFIG_LINUX
    if (!su->sun_path[0]) {
        /* Linux abstract socket */
        addr->u.q_unix.path = g_strndup(su->sun_path + 1,
-                                        sizeof(su->sun_path) - 1);
+                                        salen - sizeof(su->sun_family) - 1);
        addr->u.q_unix.has_abstract = true;
        addr->u.q_unix.abstract = true;
        addr->u.q_unix.has_tight = true;