From: Stefan Hajnoczi <stefanha@gmail.com>
Date: Fri, 16 Dec 2016 10:20:27 +0000 (+0000)
Subject: core: prevent invalid socket symlink target dereference (#4895)
X-Git-Tag: v233~315
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b9495e8d58a87fc003cb55786b2cf9b2b9c7a65e;p=thirdparty%2Fsystemd.git

core: prevent invalid socket symlink target dereference (#4895)

socket_find_symlink_target() returns a pointer to
p->address.sockaddr.un.sun_path when the first byte is non-zero without
checking that this is AF_UNIX socket.  Since sockaddr is a union this
byte could be non-zero for AF_INET sockets.

Existing callers happen to be safe but is an accident waiting to happen.
Use socket_address_get_path() since it checks for AF_UNIX.
---

diff --git a/src/core/socket.c b/src/core/socket.c
index fee9b702e65..0960a300393 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -423,8 +423,7 @@ static const char *socket_find_symlink_target(Socket *s) {
                         break;
 
                 case SOCKET_SOCKET:
-                        if (p->address.sockaddr.un.sun_path[0] != 0)
-                                f = p->address.sockaddr.un.sun_path;
+                        f = socket_address_get_path(&p->address);
                         break;
 
                 default: