13 years ago · 959da6b7f2
--- a/changes/cid_428
+++ b/changes/cid_428
@@ -0,0 +1,5 @@
 
				+  o Minor bugfixes:
			
 
				+    - Always NUL-terminate the sun_path field of a sockaddr_un before
			
 
				+      passing it to the kernel. (Not a security issue: kernels are
			
 
				+      smart enough to reject bad sockaddr_uns.) Found by Coverity; CID
			
 
				+      # 428. Bugfix on Tor 0.2.0.3-alpha.
			
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -804,7 +804,13 @@ create_unix_sockaddr(const char *listenaddress, char **readable_address,
 
				 
			
 
				   sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
			
 
				   sockaddr->sun_family = AF_UNIX;
			
 
				-  strncpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path));
			
 
				+  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
			
 
				+      >= sizeof(sockaddr->sun_path)) {
			
 
				+    log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
			
 
				+             escaped(listenaddress));
			
 
				+    tor_free(sockaddr);
			
 
				+    return NULL;
			
 
				+  }
			
 
				 
			
 
				   if (readable_address)
			
 
				     *readable_address = tor_strdup(listenaddress);