unix-server: guard against buffer overflow

sun_path is fairly small, and while the input is a smaller constant, you never know how that might change.
2013-12-28 06:25:31 -05:00 · 2013-12-28 06:25:31 -05:00 · 77d34c3096
commit 77d34c3096
parent 21154a3e6b
1 changed files with 2 additions and 1 deletions
--- a/qrexec-lib/unix-server.c
+++ b/qrexec-lib/unix-server.c
@ -44,7 +44,8 @@ int get_server_socket(char *socket_address)
 	}
 	memset(&sockname, 0, sizeof(sockname));
 	sockname.sun_family = AF_UNIX;
-	memcpy(sockname.sun_path, socket_address, strlen(socket_address));
+	strncpy(sockname.sun_path, socket_address, sizeof sockname.sun_path);
+	sockname.sun_path[sizeof sockname.sun_path - 1] = 0;

 	if (bind(s, (struct sockaddr *) &sockname, sizeof(sockname)) == -1) {
 		printf("bind() failed\n");