From: Andreas Kohn Date: Wed, 19 Jan 2011 19:29:32 +0000 (+0100) Subject: [MINOR] cfgparse: Check whether the path given for the stats socket actually fits... X-Git-Tag: v1.5-dev8~323 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=16171e234bc8e0ba2f1a0ce290b460f385a2fe42;p=thirdparty%2Fhaproxy.git [MINOR] cfgparse: Check whether the path given for the stats socket actually fits into the sockaddr_un structure to avoid truncation. while working further on the changes to allow for dynamic adding/removing of backend servers we noticed a potential problem: the path given for the 'stats socket' global option may get truncated when copying it into the sockaddr_un.sun_path field. Attached patch checks the length, and reports an error if truncation would happen. This issue was noticed by Joerg Sonnenberger . --- diff --git a/src/dumpstats.c b/src/dumpstats.c index a45d40a811..980b28485a 100644 --- a/src/dumpstats.c +++ b/src/dumpstats.c @@ -151,7 +151,7 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx { args++; if (!strcmp(args[0], "socket")) { - struct sockaddr_un su; + struct sockaddr_un *su; int cur_arg; if (*args[1] == 0) { @@ -164,10 +164,12 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx return -1; } - su.sun_family = AF_UNIX; - strncpy(su.sun_path, args[1], sizeof(su.sun_path)); - su.sun_path[sizeof(su.sun_path) - 1] = 0; - memcpy(&global.stats_sock.addr, &su, sizeof(su)); // guaranteed to fit + su = str2sun(args[1]); + if (!su) { + snprintf(err, errlen, "'stats socket' path would require truncation"); + return -1; + } + memcpy(&global.stats_sock.addr, su, sizeof(struct sockaddr_un)); // guaranteed to fit if (!global.stats_fe) { if ((global.stats_fe = alloc_stats_fe("GLOBAL")) == NULL) {