From 959da6b7f2b5ed63426fd12a9046ac06033f6db1 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 1 Jul 2011 12:06:54 -0400 Subject: Use strlcpy in create_unix_sockaddr() Using strncpy meant that if listenaddress were ever >= sizeof(sockaddr_un.sun_path), we would fail to nul-terminate sun_path. This isn't a big deal: we never read sun_path, and the kernel is smart enough to reject the sockaddr_un if it isn't nul-terminated. Nonetheless, it's a dumb failure mode. Instead, we should reject addresses that don't fit in sockaddr_un.sun_path. Coverity found this; it's CID 428. Bugfix on 0.2.0.3-alpha. --- changes/cid_428 | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changes/cid_428 (limited to 'changes') diff --git a/changes/cid_428 b/changes/cid_428 new file mode 100644 index 0000000000..cb0fc8c2b2 --- /dev/null +++ b/changes/cid_428 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Always NUL-terminate the sun_path field of a sockaddr_un before + passing it to the kernel. (Not a security issue: kernels are + smart enough to reject bad sockaddr_uns.) Found by Coverity; CID + # 428. Bugfix on Tor 0.2.0.3-alpha. -- cgit v1.2.3-54-g00ecf