libuuid: fix buffer overflow with long paths

Based on patch from Justin Akers, he wrote:
> When building Openembedded inside a Jenkins matrix job the paths can
> get quite long. This ensures libuuid won't crash when attempting to
> connect to uuidd in such a scenario.

Reported-by: Justin Akers <dafugg@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/libuuid/src/gen_uuid.c b/libuuid/src/gen_uuid.c
index 2c5b955642759c8c92af23e5ca9afe60ebe06613..4d6099720944b1daf9dd87b10b32defbacd0c37b 100644 (file)
--- a/libuuid/src/gen_uuid.c
+++ b/libuuid/src/gen_uuid.c
@@ -85,6 +85,7 @@
 #include "uuidP.h"
 #include "uuidd.h"
 #include "randutils.h"
+#include "strutils.h"
 #include "c.h"
 
 #ifdef HAVE_TLS
@@ -329,6 +330,7 @@ try_again:
 }
 
 #if defined(HAVE_UUIDD) && defined(HAVE_SYS_UN_H)
+
 /*
  * Try using the uuidd daemon to generate the UUID
  *
@@ -343,11 +345,14 @@ static int get_uuid_via_daemon(int op, uuid_t out, int *num)
        int32_t reply_len = 0, expected = 16;
        struct sockaddr_un srv_addr;
 
+       if (sizeof(UUIDD_SOCKET_PATH) > sizeof(srv_addr.sun_path))
+               return -1;
+
        if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
                return -1;
 
        srv_addr.sun_family = AF_UNIX;
-       strcpy(srv_addr.sun_path, UUIDD_SOCKET_PATH);
+       xstrncpy(srv_addr.sun_path, UUIDD_SOCKET_PATH, sizeof(srv_addr.sun_path));
 
        if (connect(s, (const struct sockaddr *) &srv_addr,
                    sizeof(struct sockaddr_un)) < 0)