Check if path isn't too long before copying to sock path

author Zofia Grzelewska <z.abramowska@samsung.com>

Wed, 21 Feb 2018 12:03:50 +0000 (13:03 +0100)

committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Fri, 23 Feb 2018 08:33:08 +0000 (08:33 +0000)
author Zofia Grzelewska <z.abramowska@samsung.com>
Wed, 21 Feb 2018 12:03:50 +0000 (13:03 +0100)
committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 23 Feb 2018 08:33:08 +0000 (08:33 +0000)
diff --git a/src/ipc/sock.cpp b/src/ipc/sock.cpp

index 34022e0..99c21b4 100644 (file)
--- a/src/ipc/sock.cpp
+++ b/src/ipc/sock.cpp
@@ -1,5 +1,5 @@
  /*
- *  Copyright (c) 2017 Samsung Electronics Co.
+ *  Copyright (c) 2017-2018 Samsung Electronics Co.
   *
   *  Licensed under the Apache License, Version 2.0 (the "License");
   *  you may not use this file except in compliance with the License.
@@ -169,6 +169,10 @@ int Sock::connect(const std::string &path) {
              ALOGE("Too long address (path) for UNIX socket");
              return -1;
          }
+        if (path.size() >= sizeof(remote.sun_path)) {
+            ALOGE("Path " << path << " is too long");
+            return -1;
+        }
          memcpy(remote.sun_path, path.c_str(), path.size()+1);
      }
  
@@ -222,6 +226,10 @@ int Sock::send(const RawBuffer &buffer) {
              struct sockaddr_un addr;
              memset(&addr, 0, sizeof(addr));
              addr.sun_family = AF_UNIX;
+            if (m_path.size() >= sizeof(addr.sun_path)) {
+                ALOGE("Path " << m_path << " is too long");
+                return -1;
+            }
              memcpy(addr.sun_path, m_path.data(), m_path.size());
              return static_cast<int>(
                  TEMP_FAILURE_RETRY(::sendto(m_fd, buffer.data(), buffer.size(), flags,
author	Zofia Grzelewska <z.abramowska@samsung.com>
	Wed, 21 Feb 2018 12:03:50 +0000 (13:03 +0100)
committer	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Fri, 23 Feb 2018 08:33:08 +0000 (08:33 +0000)