From 073597665a189b0bbf676ebb74c6c1f3cbe2692b Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 24 Aug 2022 16:57:20 +0200
Subject: [PATCH] selinux-util: add safety size check before doing strdupa()
---
 src/shared/selinux-util.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index 336d7f5c968..f7d8353b49c 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -598,6 +598,7 @@ int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
 _cleanup_freecon_ char *fcon = NULL;
 const struct sockaddr_un *un;
 bool context_changed = false;
+ size_t sz;
 char *path;
 int r;
 
@@ -621,8 +622,10 @@ int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
 if (un->sun_path[0] == 0)
 goto skipped;
 
- path = strndupa_safe(un->sun_path,
- addrlen - offsetof(struct sockaddr_un, sun_path));
+ sz = addrlen - offsetof(struct sockaddr_un, sun_path);
+ if (sz > PATH_MAX)
+ goto skipped;
+ path = strndupa_safe(un->sun_path, sz);
 
 /* Check for policy reload so 'label_hnd' is kept up-to-date by callbacks */
 mac_selinux_maybe_reload();
-- 
2.47.3
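Review bot: The new guard `if (sz > PATH_MAX)` in the second hunk bounds the stack copy but not the read. `sun_path` is a fixed-size array inside `struct sockaddr_un`, far smaller than `PATH_MAX`, so an overstated `addrlen` with an unterminated path can still let `strndupa_safe()` look past the end of the caller's address structure. Comparing against the array itself, `if (sz > sizeof(un->sun_path))`, would reject every length that cannot belong to a valid address, unless `addrlen` is already capped earlier in `mac_selinux_bind()`, whose body starts and ends outside this hunk. The subtraction is unsigned, so it also depends on a lower-bound check on `addrlen` that is not visible here; a wrapped value is caught by the new guard only as a side effect. Because the oversized case jumps to `skipped` rather than returning an error, a short comment such as `/* Bogus length: don't try to label, leave it to bind() to reject the address */` would record the intent, presumably an unlabelled bind, though the `skipped` label is outside the hunk.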