The branch, master has been updated
via a8f4c12d9f1736b038eb1f63bd5e2a07058cddd1 (commit)
via 7d9c3eea7fd46abff305827c9e3f1fc7e5ab1e5d (commit)
from 44b4600fd51677e54dd167734ca9252b58237cda (commit)
- Log -----------------------------------------------------------------
commit a8f4c12d9f1736b038eb1f63bd5e2a07058cddd1
Author: Philipp Gesang <philipp.gesang@xxxxxxxxxxxxx>
Date: Tue Mar 10 15:42:03 2015 +0100
readme: bump year in copyright info
commit 7d9c3eea7fd46abff305827c9e3f1fc7e5ab1e5d
Author: Philipp Gesang <philipp.gesang@xxxxxxxxxxxxx>
Date: Tue Mar 10 15:23:23 2015 +0100
socket_client.cpp: prevent buffer overflow in creation of unix socket
Path size for UNIX domain sockets is fixed at 108, however, the
method ``.unix_connect()`` of the socket client class accepts
STL strings of any length unchecked. Thus it's trivial to provoke
a segfault:
libt2n::socket_client_connection sc(std::string(42 * 42, '!'));
and ... bang!
A check of the client-supplied path value against the buffer size
of ``sockaddr_un.sun_path[]`` is added to prevent the issue.
-----------------------------------------------------------------------
Summary of changes:
README | 2 +-
src/socket_client.cpp | 12 +++++++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/README b/README
index 5ecb78b..4835c18 100644
--- a/README
+++ b/README
@@ -28,5 +28,5 @@ You'll find the newest version of libt2n at:
http://www.intra2net.com/en/developer/libt2n
-------------------------------------------------------------------
-www.intra2net.com 2006-2011 Intra2net AG
+www.intra2net.com 2006-2015 Intra2net AG
-------------------------------------------------------------------
diff --git a/src/socket_client.cpp b/src/socket_client.cpp
index 9f0064b..fecad13 100644
--- a/src/socket_client.cpp
+++ b/src/socket_client.cpp
@@ -159,9 +159,19 @@ void socket_client_connection::tcp_connect(int max_retries)
void socket_client_connection::unix_connect(int max_retries)
{
struct sockaddr_un unix_addr;
+ size_t path_size = path.size();
unix_addr.sun_family = AF_UNIX;
- strcpy (unix_addr.sun_path, path.c_str());
+
+ if (path_size >= sizeof(unix_addr.sun_path))
+ {
+ throw t2n_connect_error((std::string)"path '"
+ + path
+ + "' exceeds permissible UNIX socket path
length");
+ }
+
+ memcpy(unix_addr.sun_path, path.c_str(), path_size);
+ unix_addr.sun_path[path_size] = '\0';
sock = socket(PF_UNIX, SOCK_STREAM, 0);
if (!sock)
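Review bot: The new throw in unix_connect() concatenates the entire rejected `path` into the exception text, and at that point the string is by definition at least sizeof(unix_addr.sun_path) bytes long with no upper bound, so the oversized input is copied straight into whatever logs or displays the error. Consider reporting `path_size` and `sizeof(unix_addr.sun_path)` in the message instead, or only a truncated prefix of the path. The bounds check itself is right: `>=` leaves room for the terminator written at `unix_addr.sun_path[path_size]`. Separately, the trailing context line `if (!sock)` tests for 0, while socket() signals failure with -1, so a failed call passes this check; `if (sock < 0)` would be the correct test and could be fixed in the same change.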
hooks/post-receive
--
C++ inter-process communication library
--
libt2n-git - see http://www.intra2net.com/en/developer/libt2n for details.