diff options
author | Stefan Hajnoczi <stefanha@gmail.com> | 2016-12-16 10:20:27 +0000 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-12-16 11:20:27 +0100 |
commit | b9495e8d58a87fc003cb55786b2cf9b2b9c7a65e (patch) | |
tree | 998a1797f116cd536cfbeea7b54c05e36090c921 | |
parent | d84071d569700547f6283061d5f66b585ec952b3 (diff) |
core: prevent invalid socket symlink target dereference (#4895)
socket_find_symlink_target() returns a pointer to
p->address.sockaddr.un.sun_path when the first byte is non-zero without
checking that this is AF_UNIX socket. Since sockaddr is a union this
byte could be non-zero for AF_INET sockets.
Existing callers happen to be safe but is an accident waiting to happen.
Use socket_address_get_path() since it checks for AF_UNIX.
-rw-r--r-- | src/core/socket.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/core/socket.c b/src/core/socket.c index fee9b702e6..0960a30039 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -423,8 +423,7 @@ static const char *socket_find_symlink_target(Socket *s) { break; case SOCKET_SOCKET: - if (p->address.sockaddr.un.sun_path[0] != 0) - f = p->address.sockaddr.un.sun_path; + f = socket_address_get_path(&p->address); break; default: |