From 9a02c31deb1a295a5cf403aba378057dfcd44268 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Oct 2019 21:11:13 +1300 Subject: [PATCH] lib: Explicitly refuse to truncate unix domain socket paths This avoids creating a socket like: .../winbindd_privileged/p instead of .../winbindd_privileged/pipe Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider --- source3/lib/util_sock.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index c97babeebe3..8fd2f7fa315 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1095,6 +1095,7 @@ int create_pipe_sock(const char *socket_dir, int sock = -1; mode_t old_umask; char *path = NULL; + size_t path_len; old_umask = umask(0); @@ -1121,7 +1122,17 @@ int create_pipe_sock(const char *socket_dir, unlink(path); memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; - strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)); + + path_len = strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)); + if (path_len > sizeof(sunaddr.sun_path)) { + DBG_ERR("Refusing to attempt to create pipe socket " + "%s. Path is longer than permitted for a " + "unix domain socket. It would truncate to " + "%s\n", + path, + sunaddr.sun_path); + goto out_close; + } if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { DEBUG(0, ("bind failed on pipe socket %s: %s\n", path, -- 2.47.3