summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Hajnoczi <stefanha@gmail.com>2016-12-16 10:20:27 +0000
committerLennart Poettering <lennart@poettering.net>2016-12-16 11:20:27 +0100
commitb9495e8d58a87fc003cb55786b2cf9b2b9c7a65e (patch)
tree998a1797f116cd536cfbeea7b54c05e36090c921
parentd84071d569700547f6283061d5f66b585ec952b3 (diff)
core: prevent invalid socket symlink target dereference (#4895)
socket_find_symlink_target() returns a pointer to p->address.sockaddr.un.sun_path when the first byte is non-zero without checking that this is AF_UNIX socket. Since sockaddr is a union this byte could be non-zero for AF_INET sockets. Existing callers happen to be safe but is an accident waiting to happen. Use socket_address_get_path() since it checks for AF_UNIX.
-rw-r--r--src/core/socket.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/src/core/socket.c b/src/core/socket.c
index fee9b702e6..0960a30039 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -423,8 +423,7 @@ static const char *socket_find_symlink_target(Socket *s) {
break;
case SOCKET_SOCKET:
- if (p->address.sockaddr.un.sun_path[0] != 0)
- f = p->address.sockaddr.un.sun_path;
+ f = socket_address_get_path(&p->address);
break;
default: