From 51359b76c7c7bc4d736d5c8167c859f74a2fbece Mon Sep 17 00:00:00 2001
From: =?utf8?q?Oto=20=C5=A0=C5=A5=C3=A1va?= <oto.stava@nic.cz>
Date: Wed, 4 May 2022 07:55:32 +0200
Subject: [PATCH] lib/utils: check for unix socket paths null-termination

---
 lib/utils.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/lib/utils.c b/lib/utils.c
index b43d80aa7..f6f5f4408 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -336,10 +336,20 @@ ssize_t kr_sockaddr_key(struct kr_sockaddr_key_storage *dst,
 		const struct sockaddr_un *addr_un = (const struct sockaddr_un *) addr;
 		struct kr_sockaddr_un_key *unkey = (struct kr_sockaddr_un_key *) dst;
 		unkey->family = AF_UNIX;
-		strncpy(unkey->path, addr_un->sun_path, sizeof(unkey->path));
-		size_t pathlen = strnlen(unkey->path, sizeof(unkey->path));
-		if (pathlen < sizeof(unkey->path)) /* Include null-terminator */
-			pathlen += 1;
+		size_t pathlen = strnlen(addr_un->sun_path, sizeof(unkey->path));
+		if (pathlen == 0 || pathlen >= sizeof(unkey->path)) {
+			/* Abstract sockets are not supported - we would need
+			 * to also supply a length value for the abstract
+			 * pathname.
+			 *
+			 * UNIX socket path should be null-terminated.
+			 *
+			 * See unix(7). */
+			return kr_error(EINVAL);
+		}
+
+		pathlen += 1; /* Include null-terminator */
+		strncpy(unkey->path, addr_un->sun_path, pathlen);
 		return offsetof(struct kr_sockaddr_un_key, path) + pathlen;
 
 	default:
-- 
2.47.2