upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Allocate only enough space for a temporary buffer to hold

Browse source 
the path including the terminating NUL character from
   `struct sockaddr_un' rather than SOCK_MAXADDRLEN bytes.
 - Use strlcpy() instead of strncpy() to copy strings.
This commit is contained in:
Robert Drehmel 2002-10-17 15:52:42 +00:00
parent d3d67116a6
commit 55c8556834
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
sys/kern/uipc_usrreq.c
View file

@ -600,12 +600,14 @@ unp_bind(unp, nam, td)
if (unp->unp_vnode != NULL)
return (EINVAL);
namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path);
if (namelen <= 0)
return EINVAL;
buf = malloc(SOCK_MAXADDRLEN, M_TEMP, M_WAITOK);
strncpy(buf, soun->sun_path, namelen);
buf[namelen] = 0; /* null-terminate the string */
buf = malloc(namelen + 1, M_TEMP, M_WAITOK);
strlcpy(buf, soun->sun_path, namelen + 1);
restart:
NDINIT(&nd, CREATE, NOFOLLOW | LOCKPARENT | SAVENAME, UIO_SYSSPACE,
buf, td);
@ -680,8 +682,7 @@ unp_connect(so, nam, td)
len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
if (len <= 0)
return EINVAL;
strncpy(buf, soun->sun_path, len);
buf[len] = 0;
strlcpy(buf, soun->sun_path, len + 1);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, buf, td);
error = namei(&nd);