From 004b5f944539fc74d49f90625c263109585fb52f Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.im>
Date: Wed, 18 Mar 2015 15:25:36 +0100
Subject: [PATCH] priv: ensure we write exactly what will be read

When using SOCK_DGRAM/SOCK_SEQPACKET, it doesn't matter to write a bit
more since it is truncated. However, if we want to switch to
SOCK_STREAM, we must exactly write the right amount of bytes.
---
 src/daemon/priv-linux.c | 4 ++--
 src/daemon/priv.c       | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/daemon/priv-linux.c b/src/daemon/priv-linux.c
index 69054cd7..cc140879 100644
--- a/src/daemon/priv-linux.c
+++ b/src/daemon/priv-linux.c
@@ -47,7 +47,7 @@ priv_open(char *file)
 	must_write(PRIV_UNPRIVILEGED, &cmd, sizeof(enum priv_cmd));
 	len = strlen(file);
 	must_write(PRIV_UNPRIVILEGED, &len, sizeof(int));
-	must_write(PRIV_UNPRIVILEGED, file, len + 1);
+	must_write(PRIV_UNPRIVILEGED, file, len);
 	priv_wait();
 	must_read(PRIV_UNPRIVILEGED, &rc, sizeof(int));
 	if (rc == -1)
@@ -64,7 +64,7 @@ priv_ethtool(char *ifname, void *ethc, size_t length)
 	must_write(PRIV_UNPRIVILEGED, &cmd, sizeof(enum priv_cmd));
 	len = strlen(ifname);
 	must_write(PRIV_UNPRIVILEGED, &len, sizeof(int));
-	must_write(PRIV_UNPRIVILEGED, ifname, len + 1);
+	must_write(PRIV_UNPRIVILEGED, ifname, len);
 	priv_wait();
 	must_read(PRIV_UNPRIVILEGED, &rc, sizeof(int));
 	if (rc != 0)
diff --git a/src/daemon/priv.c b/src/daemon/priv.c
index 00e18846..e0f35f66 100644
--- a/src/daemon/priv.c
+++ b/src/daemon/priv.c
@@ -107,7 +107,8 @@ priv_gethostname()
 	must_read(PRIV_UNPRIVILEGED, &rc, sizeof(int));
 	if ((buf = (char*)realloc(buf, rc+1)) == NULL)
 		fatal("privsep", NULL);
-	must_read(PRIV_UNPRIVILEGED, buf, rc+1);
+	must_read(PRIV_UNPRIVILEGED, buf, rc);
+	buf[rc] = '\0';
 	return buf;
 }
 
@@ -229,11 +230,11 @@ asroot_gethostname()
 #endif
                 len = strlen(un.nodename);
                 must_write(PRIV_PRIVILEGED, &len, sizeof(int));
-                must_write(PRIV_PRIVILEGED, un.nodename, len + 1);
+                must_write(PRIV_PRIVILEGED, un.nodename, len);
         } else {
                 len = strlen(res->ai_canonname);
                 must_write(PRIV_PRIVILEGED, &len, sizeof(int));
-                must_write(PRIV_PRIVILEGED, res->ai_canonname, len + 1);
+                must_write(PRIV_PRIVILEGED, res->ai_canonname, len);
 		freeaddrinfo(res);
         }
 }
-- 
2.39.5