Google Git
Sign in
qemu-android/qemu-android/25ee9a7fa3f4e09fde48bb184447ff5651ed5fd8^!/.
commit
25ee9a7fa3f4e09fde48bb184447ff5651ed5fd8
[log]
author
Shannon Zhao <zhaoshenglong@huawei.com>
Sat Mar 14 10:00:16 2015 +0800
committer
Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Mon Mar 16 13:29:12 2015 +0530
tree
13f531dfa9dfedca628554ac6f48b9566acd3c44
parent
821c447675728ca06c8d2e4ac8a0e7a1adf775b8 [diff]
virtfs-proxy: Fix possible overflow

It's detected by coverity. The socket name specified
should fit in the sockadd_un.sun_path. If not abort.

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>

diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index bf2e5f3..13fe032 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c

@@ -738,6 +738,7 @@
         return -1;
     }
 
+    g_assert(strlen(path) < sizeof(proxy.sun_path));
     sock = socket(AF_UNIX, SOCK_STREAM, 0);
     if (sock < 0) {
         do_perror("socket");

diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
index 6bb191e..71b6198 100644
--- a/hw/9pfs/virtio-9p-proxy.c
+++ b/hw/9pfs/virtio-9p-proxy.c

@@ -1100,6 +1100,10 @@
     int sockfd, size;
     struct sockaddr_un helper;
 
+    if (strlen(path) >= sizeof(helper.sun_path)) {
+        fprintf(stderr, "Socket name too large\n");
+        return -1;
+    }
     sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
     if (sockfd < 0) {
         fprintf(stderr, "failed to create socket: %s\n", strerror(errno));