From 4dd7c84167e99af62db465bd64d47b7228a60335 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 4 Mar 2015 09:38:52 +0100 Subject: lib: Fix CID 1128552 Buffer not null terminated Signed-off-by: Volker Lendecke Reviewed-by: David Disseldorp --- source3/lib/ctdb_conn.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/source3/lib/ctdb_conn.c b/source3/lib/ctdb_conn.c index a54e83dbb6..4e1b3e5fac 100644 --- a/source3/lib/ctdb_conn.c +++ b/source3/lib/ctdb_conn.c @@ -58,6 +58,7 @@ struct tevent_req *ctdb_conn_init_send(TALLOC_CTX *mem_ctx, { struct tevent_req *req, *subreq; struct ctdb_conn_init_state *state; + size_t len; req = tevent_req_create(mem_ctx, &state, struct ctdb_conn_init_state); if (req == NULL) { @@ -69,11 +70,6 @@ struct tevent_req *ctdb_conn_init_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - if (strlen(sock) >= sizeof(state->addr.sun_path)) { - tevent_req_error(req, ENAMETOOLONG); - return tevent_req_post(req, ev); - } - state->conn = talloc(state, struct ctdb_conn); if (tevent_req_nomem(state->conn, req)) { return tevent_req_post(req, ev); @@ -93,7 +89,13 @@ struct tevent_req *ctdb_conn_init_send(TALLOC_CTX *mem_ctx, talloc_set_destructor(state->conn, ctdb_conn_destructor); state->addr.sun_family = AF_UNIX; - strncpy(state->addr.sun_path, sock, sizeof(state->addr.sun_path)); + + len = strlcpy(state->addr.sun_path, sock, + sizeof(state->addr.sun_path)); + if (len >= sizeof(state->addr.sun_path)) { + tevent_req_error(req, ENAMETOOLONG); + return tevent_req_post(req, ev); + } subreq = async_connect_send(state, ev, state->conn->fd, (struct sockaddr *)&state->addr, -- cgit