From: ty Date: Sun, 27 Mar 2022 20:22:22 +0000 (+0800) Subject: bpo-44493: Add missing terminated NUL in sockaddr_un's length (GH-26866) X-Git-Tag: v3.11.0a7~119 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f6b3a07b7df60dc04d0260169ffef6e9796a2124;p=thirdparty%2FPython%2Fcpython.git bpo-44493: Add missing terminated NUL in sockaddr_un's length (GH-26866) Add missing terminated NUL in sockaddr_un's length - Linux: https://man7.org/linux/man-pages/man7/unix.7.html - *BSD: SUN_LEN --- diff --git a/Misc/NEWS.d/next/Library/2021-07-26-10-46-49.bpo-44493.xp3CRH.rst b/Misc/NEWS.d/next/Library/2021-07-26-10-46-49.bpo-44493.xp3CRH.rst new file mode 100644 index 000000000000..390a7222bbf5 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2021-07-26-10-46-49.bpo-44493.xp3CRH.rst @@ -0,0 +1,3 @@ +Add missing terminated NUL in sockaddr_un's length + +This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index 7f7af1895bd9..c7bc10b5dbbb 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -1689,6 +1689,8 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, "AF_UNIX path too long"); goto unix_out; } + + *len_ret = path.len + offsetof(struct sockaddr_un, sun_path); } else #endif /* linux */ @@ -1700,10 +1702,13 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, goto unix_out; } addr->sun_path[path.len] = 0; + + /* including the tailing NUL */ + *len_ret = path.len + offsetof(struct sockaddr_un, sun_path) + 1; } addr->sun_family = s->sock_family; memcpy(addr->sun_path, path.buf, path.len); - *len_ret = path.len + offsetof(struct sockaddr_un, sun_path); + retval = 1; unix_out: PyBuffer_Release(&path);