check for overlong unix socket paths In pcu_l1if_open(), use osmo_strlcpy() instead of strncpy() and check for overflow. This catches overlong and non-NUL-terminated socket paths. Change-Id: I825190cbb34d052b797e9fb5208884d6f5992839 Related: OS#2673

commit: 173d7fdbb9965fa1304420a30762831e2702e204 [log] [tgz]
author: Stefan Sperling <ssperling@sysmocom.de> Thu Sep 20 18:31:36 2018 +0200
committer: Stefan Sperling <ssperling@sysmocom.de> Thu Sep 20 18:31:36 2018 +0200
tree: d1c181b431922fe9e0c85b40695796d94cff2c46
parent: 076122f5926ffd85d1639f51a6ab3da080a2276b [diff] [blame]
diff --git a/src/osmobts_sock.cpp b/src/osmobts_sock.cpp
index 477521d..6b49347 100644
--- a/src/osmobts_sock.cpp
+++ b/src/osmobts_sock.cpp

@@ -265,8 +265,11 @@
 	}
 
 	local.sun_family = AF_UNIX;
-	strncpy(local.sun_path, bts->pcu_sock_path, sizeof(local.sun_path));
-	local.sun_path[sizeof(local.sun_path) - 1] = '\0';
+	if (osmo_strlcpy(local.sun_path, bts->pcu_sock_path, sizeof(local.sun_path)) >= sizeof(local.sun_path)) {
+		LOGP(DLGLOBAL, LOGL_ERROR, "Socket path exceeds maximum length of %zd bytes: %s\n",
+		     sizeof(local.sun_path), bts->pcu_sock_path);
+		return -ENOSPC;
+	}
 
 	/* we use the same magic that X11 uses in Xtranssock.c for
 	 * calculating the proper length of the sockaddr */
commit	173d7fdbb9965fa1304420a30762831e2702e204	[log] [tgz]
author	Stefan Sperling <ssperling@sysmocom.de>	Thu Sep 20 18:31:36 2018 +0200
committer	Stefan Sperling <ssperling@sysmocom.de>	Thu Sep 20 18:31:36 2018 +0200
tree	d1c181b431922fe9e0c85b40695796d94cff2c46
parent	076122f5926ffd85d1639f51a6ab3da080a2276b [diff] [blame]