struct sockaddr_un can be truncated.

When we have "struct sockaddr_un *s_un", we could not assume *s_un points to a memory region which size is at least sizeof(*s_un). Even worse, it may be shorter than sizeof(struct sockaddr) on some systems.
author: Tomoyuki Sahara <[email protected]> 2018-06-14 13:28:32 +0900
committer: Tomoyuki Sahara <[email protected]> 2018-06-14 13:28:32 +0900
commit: 5013d2b20f85819f78c5b5bc4f2f3b8cfc17d89f (patch)
tree: 6b547c88db4efdb42093f365092d2e8ae344e7db /mrbgems/mruby-socket
parent: 3618556a95957f82f6fd853af239eb8ce9fa689b (diff)
download: mruby-5013d2b20f85819f78c5b5bc4f2f3b8cfc17d89f.tar.gz
mruby-5013d2b20f85819f78c5b5bc4f2f3b8cfc17d89f.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/mrbgems/mruby-socket/src/socket.c b/mrbgems/mruby-socket/src/socket.c
index 5a8db93d7..33c8d4455 100644
--- a/mrbgems/mruby-socket/src/socket.c
+++ b/mrbgems/mruby-socket/src/socket.c
@@ -214,7 +214,11 @@ mrb_addrinfo_unix_path(mrb_state *mrb, mrb_value self)
   sastr = mrb_iv_get(mrb, self, mrb_intern_lit(mrb, "@sockaddr"));
   if (((struct sockaddr *)RSTRING_PTR(sastr))->sa_family != AF_UNIX)
     mrb_raise(mrb, E_SOCKET_ERROR, "need AF_UNIX address");
-  return mrb_str_new_cstr(mrb, ((struct sockaddr_un *)RSTRING_PTR(sastr))->sun_path);
+  if (RSTRING_LEN(sastr) < offsetof(struct sockaddr_un, sun_path) + 1) {
+    return mrb_str_new(mrb, "", 0);
+  } else {
+    return mrb_str_new_cstr(mrb, ((struct sockaddr_un *)RSTRING_PTR(sastr))->sun_path);
+  }
 }
 #endif
author	Tomoyuki Sahara <[email protected]>	2018-06-14 13:28:32 +0900
committer	Tomoyuki Sahara <[email protected]>	2018-06-14 13:28:32 +0900
commit	5013d2b20f85819f78c5b5bc4f2f3b8cfc17d89f (patch)
tree	6b547c88db4efdb42093f365092d2e8ae344e7db /mrbgems/mruby-socket
parent	3618556a95957f82f6fd853af239eb8ce9fa689b (diff)
download	mruby-5013d2b20f85819f78c5b5bc4f2f3b8cfc17d89f.tar.gz mruby-5013d2b20f85819f78c5b5bc4f2f3b8cfc17d89f.zip