socket-util: explicitly ensure there's one trailing NUL byte on AF_UNIX socket addresses

AF_UNIX socket addresses aren't necessarily NUL terminated, however
they are usually used as strings which are assumed to be NUL terminated.
Let's hence add an extra byte to the end of the sockaddr_un structure,
that contains this NUL byte, simply for safety reasons.

Note that actually this patch changes exactly nothing IRL, as the other
sockaddr structures already are large enough to accomodate for an extra
NUL byte. The size of the union hence doesn't change at all by doing
this. The entire value of this patch is hence in the philosophical
feeling of safety, and by making something explicit that before was
implicit.

diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index 83af91d..49c937a 100644 (file)
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -36,16 +36,26 @@
 #include "util.h"
 
 union sockaddr_union {
+        /* The minimal, abstract version */
         struct sockaddr sa;
+
+        /* The libc provided version that allocates "enough room" for every protocol */
+        struct sockaddr_storage storage;
+
+        /* Protoctol-specific implementations */
         struct sockaddr_in in;
         struct sockaddr_in6 in6;
         struct sockaddr_un un;
         struct sockaddr_nl nl;
-        struct sockaddr_storage storage;
         struct sockaddr_ll ll;
         struct sockaddr_vm vm;
+
         /* Ensure there is enough space to store Infiniband addresses */
         uint8_t ll_buffer[offsetof(struct sockaddr_ll, sll_addr) + CONST_MAX(ETH_ALEN, INFINIBAND_ALEN)];
+
+        /* Ensure there is enough space after the AF_UNIX sun_path for one more NUL byte, just to be sure that the path
+         * component is always followed by at least one NUL byte. */
+        uint8_t un_buffer[sizeof(struct sockaddr_un) + 1];
 };
 
 typedef struct SocketAddress {