Check that UNIX socket filenames are not too long.

[tinc] / src / uml_device.c

diff --git a/src/uml_device.c b/src/uml_device.c
index 38ebd6f..4b574e8 100644 (file)
--- a/src/uml_device.c
+++ b/src/uml_device.c
@@ -47,10 +47,14 @@ static struct request {
        struct sockaddr_un sock;
 } request;
 
-static struct sockaddr_un data_sun;
+static struct sockaddr_un data_sun = {
+       .sun_family = AF_UNIX,
+};
 
 static bool setup_device(void) {
-       struct sockaddr_un listen_sun;
+       struct sockaddr_un listen_sun = {
+               .sun_family = AF_UNIX,
+       };
        static const int one = 1;
        struct {
                char zero;
@@ -105,7 +109,6 @@ static bool setup_device(void) {
        name.pid = getpid();
        gettimeofday(&tv, NULL);
        name.usecs = tv.tv_usec;
-       data_sun.sun_family = AF_UNIX;
        memcpy(&data_sun.sun_path, &name, sizeof(name));
 
        if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof(data_sun)) < 0) {
@@ -131,7 +134,11 @@ static bool setup_device(void) {
                return false;
        }
 
-       listen_sun.sun_family = AF_UNIX;
+       if(strlen(device) >= sizeof(listen_sun.sun_path)) {
+               logger(DEBUG_ALWAYS, LOG_ERR, "UML socket filename %s is too long!", device);
+               return false;
+       }
+
        strncpy(listen_sun.sun_path, device, sizeof(listen_sun.sun_path));
 
        if(bind(listen_fd, (struct sockaddr *)&listen_sun, sizeof(listen_sun)) < 0) {
@@ -182,10 +189,8 @@ void close_device(void) {
        free(device);
        device = NULL;
 
-       if(iface) {
-               free(iface);
-               iface = NULL;
-       }
+       free(iface);
+       iface = NULL;
 
        device_info = NULL;
 }