input: UNIXSOCK: fix possible truncation of socket path

Verify that the socket path is short enough, and replace `strncpy` with
`strcpy`.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/input/packet/ulogd_inppkt_UNIXSOCK.c b/input/packet/ulogd_inppkt_UNIXSOCK.c
index 3f3abc3a0b776ff3107939a87a6b33cd6c730db2..0080c6a067955a5ccedad6d2e8a2fbae09bf66b8 100644 (file)
--- a/input/packet/ulogd_inppkt_UNIXSOCK.c
+++ b/input/packet/ulogd_inppkt_UNIXSOCK.c
@@ -474,10 +474,19 @@ static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_p
 
 static int _create_unix_socket(const char *unix_path)
 {
+       struct sockaddr_un server_sock = { .sun_family = AF_UNIX };
        int ret = -1;
-       struct sockaddr_un server_sock;
        int s;
 
+       if (strlen(unix_path) >= sizeof(server_sock.sun_path)) {
+               ulogd_log(ULOGD_ERROR,
+                         "ulogd2: unix socket path '%s' too long\n",
+                         unix_path);
+               return -1;
+       }
+
+       strcpy(server_sock.sun_path, unix_path);
+
        s = socket(AF_UNIX, SOCK_STREAM, 0);
        if (s < 0) {
                ulogd_log(ULOGD_ERROR,
@@ -485,10 +494,6 @@ static int _create_unix_socket(const char *unix_path)
                return -1;
        }
 
-       server_sock.sun_family = AF_UNIX;
-       strncpy(server_sock.sun_path, unix_path, sizeof(server_sock.sun_path));
-       server_sock.sun_path[sizeof(server_sock.sun_path)-1] = '\0';
-
        ret = bind(s, (struct sockaddr *)&server_sock, sizeof(server_sock));
        if (ret < 0) {
                ulogd_log(ULOGD_ERROR,