Verify that the path is short enough, and replace `strncpy` with `strcpy`.
Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
---
output/ulogd_output_JSON.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/output/ulogd_output_JSON.c b/output/ulogd_output_JSON.c
index c15c9f239441..3b0338991548 100644
--- a/output/ulogd_output_JSON.c
+++ b/output/ulogd_output_JSON.c
@@ -147,7 +147,8 @@ static void close_socket(struct json_priv *op) {
static int _connect_socket_unix(struct ulogd_pluginstance *pi)
{
struct json_priv *op = (struct json_priv *) &pi->private;
- struct sockaddr_un u_addr;
+ struct sockaddr_un u_addr = { .sun_family = AF_UNIX };
+ const char *socket_path = file_ce(pi->config_kset).u.string;
int sfd;
close_socket(op);
@@ -156,13 +157,15 @@ static int _connect_socket_unix(struct ulogd_pluginstance *pi)
file_ce(pi->config_kset).u.string);
sfd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sfd == -1) {
+ if (sfd == -1)
return -1;
- }
- u_addr.sun_family = AF_UNIX;
- strncpy(u_addr.sun_path, file_ce(pi->config_kset).u.string,
- sizeof(u_addr.sun_path) - 1);
- if (connect(sfd, (struct sockaddr *) &u_addr, sizeof(struct sockaddr_un)) == -1) {
+
+ if (sizeof(u_addr.sun_path) <= strlen(socket_path))
+ return -1;
+
+ strcpy(u_addr.sun_path, socket_path);
+
+ if (connect(sfd, (struct sockaddr *) &u_addr, sizeof(u_addr)) == -1) {
close(sfd);
return -1;
}
--
2.33.0
