From: Karel Zak <kzak@redhat.com>
Date: Wed, 30 Sep 2015 10:42:16 +0000 (+0200)
Subject: libuuid: fix buffer overflow with long paths
X-Git-Tag: v2.28-rc1~334
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d5358bbb6bb5c21a6343fa6329d37c2614e7819d;p=thirdparty%2Futil-linux.git

libuuid: fix buffer overflow with long paths

Based on patch from Justin Akers, he wrote:
> When building Openembedded inside a Jenkins matrix job the paths can
> get quite long. This ensures libuuid won't crash when attempting to
> connect to uuidd in such a scenario.

Reported-by: Justin Akers <dafugg@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/libuuid/src/gen_uuid.c b/libuuid/src/gen_uuid.c
index 2c5b955642..4d60997209 100644
--- a/libuuid/src/gen_uuid.c
+++ b/libuuid/src/gen_uuid.c
@@ -85,6 +85,7 @@
 #include "uuidP.h"
 #include "uuidd.h"
 #include "randutils.h"
+#include "strutils.h"
 #include "c.h"
 
 #ifdef HAVE_TLS
@@ -329,6 +330,7 @@ try_again:
 }
 
 #if defined(HAVE_UUIDD) && defined(HAVE_SYS_UN_H)
+
 /*
  * Try using the uuidd daemon to generate the UUID
  *
@@ -343,11 +345,14 @@ static int get_uuid_via_daemon(int op, uuid_t out, int *num)
 	int32_t reply_len = 0, expected = 16;
 	struct sockaddr_un srv_addr;
 
+	if (sizeof(UUIDD_SOCKET_PATH) > sizeof(srv_addr.sun_path))
+		return -1;
+
 	if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
 		return -1;
 
 	srv_addr.sun_family = AF_UNIX;
-	strcpy(srv_addr.sun_path, UUIDD_SOCKET_PATH);
+	xstrncpy(srv_addr.sun_path, UUIDD_SOCKET_PATH, sizeof(srv_addr.sun_path));
 
 	if (connect(s, (const struct sockaddr *) &srv_addr,
 		    sizeof(struct sockaddr_un)) < 0)