diff options
author | Stefan Bühler <stbuehler@web.de> | 2014-02-16 13:08:43 +0000 |
---|---|---|
committer | Stefan Bühler <stbuehler@web.de> | 2014-02-16 13:08:43 +0000 |
commit | efc41b2bb1affbfb33eb6de1071e7ffa3a083a3e (patch) | |
tree | a60bfd6f6162f78f8cea4a948e039ef7abdcd918 /src | |
parent | 7bd0f54ab2f9b33095e429d7e104e0d9f993c69d (diff) | |
download | lighttpd-git-efc41b2bb1affbfb33eb6de1071e7ffa3a083a3e.tar.gz |
check length of unix domain socket filenames
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2958 152afb58-edef-0310-8abb-c4023f1b3aa9
Diffstat (limited to 'src')
-rw-r--r-- | src/mod_fastcgi.c | 17 | ||||
-rw-r--r-- | src/mod_scgi.c | 17 | ||||
-rw-r--r-- | src/network.c | 11 |
3 files changed, 39 insertions, 6 deletions
diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c index 641cf0fa..ad1ec183 100644 --- a/src/mod_fastcgi.c +++ b/src/mod_fastcgi.c @@ -873,7 +873,13 @@ static int fcgi_spawn_connection(server *srv, #ifdef HAVE_SYS_UN_H fcgi_addr_un.sun_family = AF_UNIX; - strcpy(fcgi_addr_un.sun_path, proc->unixsocket->ptr); + if (proc->unixsocket->used > sizeof(fcgi_addr_un.sun_path)) { + log_error_write(srv, __FILE__, __LINE__, "sB", + "ERROR: Unix Domain socket filename too long:", + proc->unixsocket); + return -1; + } + memcpy(fcgi_addr_un.sun_path, proc->unixsocket->ptr, proc->unixsocket->used); #ifdef SUN_LEN servlen = SUN_LEN(&fcgi_addr_un); @@ -1670,7 +1676,14 @@ static connection_result_t fcgi_establish_connection(server *srv, handler_ctx *h #ifdef HAVE_SYS_UN_H /* use the unix domain socket */ fcgi_addr_un.sun_family = AF_UNIX; - strcpy(fcgi_addr_un.sun_path, proc->unixsocket->ptr); + if (proc->unixsocket->used > sizeof(fcgi_addr_un.sun_path)) { + log_error_write(srv, __FILE__, __LINE__, "sB", + "ERROR: Unix Domain socket filename too long:", + proc->unixsocket); + return -1; + } + memcpy(fcgi_addr_un.sun_path, proc->unixsocket->ptr, proc->unixsocket->used); + #ifdef SUN_LEN servlen = SUN_LEN(&fcgi_addr_un); #else diff --git a/src/mod_scgi.c b/src/mod_scgi.c index af81c000..1c16c2d4 100644 --- a/src/mod_scgi.c +++ b/src/mod_scgi.c @@ -670,7 +670,13 @@ static int scgi_spawn_connection(server *srv, #ifdef HAVE_SYS_UN_H scgi_addr_un.sun_family = AF_UNIX; - strcpy(scgi_addr_un.sun_path, proc->socket->ptr); + if (proc->socket->used > sizeof(scgi_addr_un.sun_path)) { + log_error_write(srv, __FILE__, __LINE__, "sB", + "ERROR: Unix Domain socket filename too long:", + proc->socket); + return -1; + } + memcpy(scgi_addr_un.sun_path, proc->socket->ptr, proc->socket->used); #ifdef SUN_LEN servlen = SUN_LEN(&scgi_addr_un); @@ -1340,7 +1346,14 @@ static int scgi_establish_connection(server *srv, handler_ctx *hctx) { #ifdef HAVE_SYS_UN_H /* use the unix domain socket */ scgi_addr_un.sun_family = AF_UNIX; - strcpy(scgi_addr_un.sun_path, proc->socket->ptr); + if (proc->socket->used > sizeof(scgi_addr_un.sun_path)) { + log_error_write(srv, __FILE__, __LINE__, "sB", + "ERROR: Unix Domain socket filename too long:", + proc->socket); + return -1; + } + memcpy(scgi_addr_un.sun_path, proc->socket->ptr, proc->socket->used); + #ifdef SUN_LEN servlen = SUN_LEN(&scgi_addr_un); #else diff --git a/src/network.c b/src/network.c index 3c7dcc12..ebde43bc 100644 --- a/src/network.c +++ b/src/network.c @@ -349,14 +349,21 @@ static int network_server_init(server *srv, buffer *host_token, specific_config break; case AF_UNIX: + { + size_t hostlen = strlen(host) + 1; + if (hostlen > sizeof(srv_socket->addr.un.sun_path)) { + log_error_write(srv, __FILE__, __LINE__, "sS", "unix socket filename too long:", host); + goto error_free_socket; + } + memcpy(srv_socket->addr.un.sun_path, host, hostlen); + } srv_socket->addr.un.sun_family = AF_UNIX; - strcpy(srv_socket->addr.un.sun_path, host); #ifdef SUN_LEN addr_len = SUN_LEN(&srv_socket->addr.un); #else /* stevens says: */ - addr_len = strlen(host) + 1 + sizeof(srv_socket->addr.un.sun_family); + addr_len = hostlen + sizeof(srv_socket->addr.un.sun_family); #endif /* check if the socket exists and try to connect to it. */ |