From: Peter Maydell <peter.maydell@linaro.org>
Date: Wed, 1 Sep 2021 15:26:32 +0000 (+0100)
Subject: tests/vhost-user-bridge.c: Sanity check socket path length
X-Git-Tag: v6.2.0-rc0~116^2~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f88435148dd38a9c609de348abc9ae231f2dbfc0;p=thirdparty%2Fqemu.git

tests/vhost-user-bridge.c: Sanity check socket path length

The vhost-user-bridge binary accepts a UNIX socket path on
the command line. Sanity check that this is short enough to
fit into a sockaddr_un before copying it in.

Fixes: Coverity CID 1432866
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210901152632.25511-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---

diff --git a/tests/vhost-user-bridge.c b/tests/vhost-user-bridge.c
index 24815920b2b..cb009545fa5 100644
--- a/tests/vhost-user-bridge.c
+++ b/tests/vhost-user-bridge.c
@@ -540,6 +540,11 @@ vubr_new(const char *path, bool client)
     CallbackFunc cb;
     size_t len;
 
+    if (strlen(path) >= sizeof(un.sun_path)) {
+        fprintf(stderr, "unix domain socket path '%s' is too long\n", path);
+        exit(1);
+    }
+
     /* Get a UNIX socket. */
     dev->sock = socket(AF_UNIX, SOCK_STREAM, 0);
     if (dev->sock == -1) {