Commit 43c75c8e authored by Daniel Colascione's avatar Daniel Colascione

Do not read uninitialized memory in conv_sockaddr_to_lisp

parents 8266cd88 ea64063f
2014-03-22 Daniel Colascione <dancol@dancol.org>
* process.c (conv_sockaddr_to_lisp): When extracting the string
names of AF_LOCAL sockets, stop before reading uninitialized
memory.
2014-03-21 YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp> 2014-03-21 YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp>
Fix regression introduced by patch for Bug#10500. Fix regression introduced by patch for Bug#10500.
......
...@@ -2010,10 +2010,22 @@ conv_sockaddr_to_lisp (struct sockaddr *sa, int len) ...@@ -2010,10 +2010,22 @@ conv_sockaddr_to_lisp (struct sockaddr *sa, int len)
case AF_LOCAL: case AF_LOCAL:
{ {
struct sockaddr_un *sockun = (struct sockaddr_un *) sa; struct sockaddr_un *sockun = (struct sockaddr_un *) sa;
for (i = 0; i < sizeof (sockun->sun_path); i++) ptrdiff_t name_length = len - offsetof (struct sockaddr_un, sun_path);
if (sockun->sun_path[i] == 0) /* If the first byte is NUL, the name is a Linux abstract
break; socket name, and the name can contain embedded NULs. If
return make_unibyte_string (sockun->sun_path, i); it's not, we have a NUL-terminated string. Be careful not
to walk past the end of the object looking for the name
terminator, however. */
if (name_length > 0 && sockun->sun_path[0] != '\0')
{
const char* terminator =
memchr (sockun->sun_path, '\0', name_length);
if (terminator)
name_length = terminator - (const char*) sockun->sun_path;
}
return make_unibyte_string (sockun->sun_path, name_length);
} }
#endif #endif
default: default:
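Review bot: `name_length` is computed from the caller-supplied `len` with no range check, so in `ptrdiff_t name_length = len - offsetof (struct sockaddr_un, sun_path);` a `len` shorter than the `sun_path` offset gives a negative value that skips the `memchr` branch and is passed straight to `make_unibyte_string`. In the other direction, a `len` larger than the structure lets both `memchr` and the final copy read past `sun_path`, a bound the removed loop enforced with `sizeof (sockun->sun_path)`. The function begins and ends outside this hunk, so an earlier guard on `len` may already exclude these cases; if it does not, clamp before use with `if (name_length < 0) name_length = 0;` followed by `if (name_length > sizeof sockun->sun_path) name_length = sizeof sockun->sun_path;`. A short comment stating that `len` is the length reported by the kernel or caller, not a trusted object size, would also help the next reader.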
......