From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 24 Aug 2022 14:57:20 +0000 (+0200)
Subject: selinux-util: add safety size check before doing strdupa()
X-Git-Tag: v252-rc1~349^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=073597665a189b0bbf676ebb74c6c1f3cbe2692b;p=thirdparty%2Fsystemd.git

selinux-util: add safety size check before doing strdupa()
---

diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index 336d7f5c968..f7d8353b49c 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -598,6 +598,7 @@ int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
         _cleanup_freecon_ char *fcon = NULL;
         const struct sockaddr_un *un;
         bool context_changed = false;
+        size_t sz;
         char *path;
         int r;
 
@@ -621,8 +622,10 @@ int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
         if (un->sun_path[0] == 0)
                 goto skipped;
 
-        path = strndupa_safe(un->sun_path,
-                             addrlen - offsetof(struct sockaddr_un, sun_path));
+        sz = addrlen - offsetof(struct sockaddr_un, sun_path);
+        if (sz > PATH_MAX)
+                goto skipped;
+        path = strndupa_safe(un->sun_path, sz);
 
         /* Check for policy reload so 'label_hnd' is kept up-to-date by callbacks */
         mac_selinux_maybe_reload();