From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 18 Oct 2019 08:11:13 +0000 (+1300)
Subject: lib: Explicitly refuse to truncate unix domain socket paths
X-Git-Tag: talloc-2.3.1~324
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9a02c31deb1a295a5cf403aba378057dfcd44268;p=thirdparty%2Fsamba.git

lib: Explicitly refuse to truncate unix domain socket paths

This avoids creating a socket like:

.../winbindd_privileged/p

instead of

.../winbindd_privileged/pipe

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index c97babeebe3..8fd2f7fa315 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -1095,6 +1095,7 @@ int create_pipe_sock(const char *socket_dir,
 	int sock = -1;
 	mode_t old_umask;
 	char *path = NULL;
+	size_t path_len;
 
 	old_umask = umask(0);
 
@@ -1121,7 +1122,17 @@ int create_pipe_sock(const char *socket_dir,
 	unlink(path);
 	memset(&sunaddr, 0, sizeof(sunaddr));
 	sunaddr.sun_family = AF_UNIX;
-	strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path));
+
+	path_len = strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path));
+	if (path_len > sizeof(sunaddr.sun_path)) {
+		DBG_ERR("Refusing to attempt to create pipe socket "
+			"%s.  Path is longer than permitted for a "
+			"unix domain socket.  It would truncate to "
+			"%s\n",
+			path,
+			sunaddr.sun_path);
+		goto out_close;
+	}
 
 	if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
 		DEBUG(0, ("bind failed on pipe socket %s: %s\n", path,