From 55c855683422f7b0ca0cb49cfa86f07a58d8f847 Mon Sep 17 00:00:00 2001 From: Robert Drehmel Date: Thu, 17 Oct 2002 15:52:42 +0000 Subject: [PATCH] - Allocate only enough space for a temporary buffer to hold the path including the terminating NUL character from `struct sockaddr_un' rather than SOCK_MAXADDRLEN bytes. - Use strlcpy() instead of strncpy() to copy strings. --- sys/kern/uipc_usrreq.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index dac95c90680..5bbb35ce28e 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -600,12 +600,14 @@ unp_bind(unp, nam, td) if (unp->unp_vnode != NULL) return (EINVAL); + namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path); if (namelen <= 0) return EINVAL; - buf = malloc(SOCK_MAXADDRLEN, M_TEMP, M_WAITOK); - strncpy(buf, soun->sun_path, namelen); - buf[namelen] = 0; /* null-terminate the string */ + + buf = malloc(namelen + 1, M_TEMP, M_WAITOK); + strlcpy(buf, soun->sun_path, namelen + 1); + restart: NDINIT(&nd, CREATE, NOFOLLOW | LOCKPARENT | SAVENAME, UIO_SYSSPACE, buf, td); @@ -680,8 +682,7 @@ unp_connect(so, nam, td) len = nam->sa_len - offsetof(struct sockaddr_un, sun_path); if (len <= 0) return EINVAL; - strncpy(buf, soun->sun_path, len); - buf[len] = 0; + strlcpy(buf, soun->sun_path, len + 1); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, buf, td); error = namei(&nd);