Site Navigation

Date:      Fri, 5 Jun 2009 15:54:31 GMT
From:      Stacey Son <sson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 163575 for review
Message-ID:  <200906051554.n55FsVkG011720@repoman.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

http://perforce.freebsd.org/chv.cgi?CH=163575

Change 163575 by sson@sson_amd64 on 2009/06/05 15:54:10

	Fix parsing bug for AUT_SOCKUNIX tokens.	
	
	fetch_sock_unix_tok() assumes that the path component of
	AUT_SOCKUNIX is a fixed length when is actually a variable
	length.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#63 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#63 (text+ko) ====

@@ -32,7 +32,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#62 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#63 $
  */
 
 #include <sys/types.h>
@@ -3176,19 +3176,25 @@
 
 /*
  * socket family           2 bytes
- * path                    104 bytes
+ * path                    (up to) 104 bytes + NULL (NULL terminated string).
  */
 static int
 fetch_sock_unix_tok(tokenstr_t *tok, u_char *buf, int len)
 {
 	int err = 0;
+	u_char *p;
+	int slen;
+
 
 	READ_TOKEN_U_INT16(buf, len, tok->tt.sockunix.family, tok->len, err);
 	if (err)
 		return (-1);
 
-	READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, 104, tok->len,
-	    err);
+	/* slen = strnlen((buf + tok->len), 104) + 1; */
+	p = (u_char *)memchr((const void *)(buf + tok->len), '\0', 104);
+	slen = (p ? (int)(p - (buf + tok->len))  : 104) + 1; 
+
+	READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, slen, tok->len, err);
 	if (err)
 		return (-1);
 

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 (text+ko) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#92 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 $
  */
 
 #include <sys/types.h>
@@ -996,7 +996,7 @@
 /*
  * token ID                1 byte
  * socket family           2 bytes
- * path                    104 bytes
+ * path                    (up to) 104 bytes + NULL  (NULL terminated string)
  */
 token_t *
 au_to_sock_unix(struct sockaddr_un *so)

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906051554.n55FsVkG011720>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact