libt2n-git Archives
<prev [Date Index] next>
<prev [Thread Index] next>

Subject: C++ inter-process communication library branch, master, updated. v0.6-24-ga8f4c12

From: libt2n-git@xxxxxxxxxxxxxxxxxxxxxxx
To: libt2n-git@xxxxxxxxxxxxxxxxxxxxxxx
Date: Tue, 10 Mar 2015 17:06:18 +0100 (CET) 
The branch, master has been updated
       via  a8f4c12d9f1736b038eb1f63bd5e2a07058cddd1 (commit)
       via  7d9c3eea7fd46abff305827c9e3f1fc7e5ab1e5d (commit)
      from  44b4600fd51677e54dd167734ca9252b58237cda (commit)


- Log -----------------------------------------------------------------
commit a8f4c12d9f1736b038eb1f63bd5e2a07058cddd1
Author: Philipp Gesang <philipp.gesang@xxxxxxxxxxxxx>
Date:   Tue Mar 10 15:42:03 2015 +0100

    readme: bump year in copyright info

commit 7d9c3eea7fd46abff305827c9e3f1fc7e5ab1e5d
Author: Philipp Gesang <philipp.gesang@xxxxxxxxxxxxx>
Date:   Tue Mar 10 15:23:23 2015 +0100

    socket_client.cpp: prevent buffer overflow in creation of unix socket
    
    Path size for UNIX domain sockets is fixed at 108, however, the
    method ``.unix_connect()`` of the socket client class accepts
    STL strings of any length unchecked. Thus itâ??s trivial to provoke
    a segfault:
    
        libt2n::socket_client_connection sc(std::string(42 * 42, '!'));
    
    and ... bang!
    
    A check of the client-supplied path value against the buffer size
    of ``sockaddr_un.sun_path[]`` is added to prevent the issue.

-----------------------------------------------------------------------

Summary of changes:
 README                |    2 +-
 src/socket_client.cpp |   12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/README b/README
index 5ecb78b..4835c18 100644
--- a/README
+++ b/README
@@ -28,5 +28,5 @@ You'll find the newest version of libt2n at:
 http://www.intra2net.com/en/developer/libt2n
 
 -------------------------------------------------------------------
-www.intra2net.com                            2006-2011 Intra2net AG
+www.intra2net.com                            2006-2015 Intra2net AG
 -------------------------------------------------------------------
diff --git a/src/socket_client.cpp b/src/socket_client.cpp
index 9f0064b..fecad13 100644
--- a/src/socket_client.cpp
+++ b/src/socket_client.cpp
@@ -159,9 +159,19 @@ void socket_client_connection::tcp_connect(int max_retries)
 void socket_client_connection::unix_connect(int max_retries)
 {
     struct sockaddr_un unix_addr;
+    size_t path_size = path.size();
 
     unix_addr.sun_family = AF_UNIX;
-    strcpy (unix_addr.sun_path, path.c_str());
+
+    if (path_size >= sizeof(unix_addr.sun_path))
+    {
+        throw t2n_connect_error((std::string)"path '"
+                                + path
+                                + "' exceeds permissible UNIX socket path 
length");
+    }
+
+    memcpy(unix_addr.sun_path, path.c_str(), path_size);
+    unix_addr.sun_path[path_size] = '\0';
 
     sock = socket(PF_UNIX, SOCK_STREAM, 0);
     if (!sock)


hooks/post-receive
-- 
C++ inter-process communication library

--
libt2n-git - see http://www.intra2net.com/en/developer/libt2n for details.
To unsubscribe send a mail to libt2n-git+unsubscribe@xxxxxxxxxxxxxxxxxxxxxxx
Current Thread
  • C++ inter-process communication library branch, master, updated. v0.6-24-ga8f4c12, libt2n-git <=