Module: kamailio Branch: master Commit: d4f3c96cdf2efc8db8fa115a35f7ea9545ea4c9f URL: https://github.com/kamailio/kamailio/commit/d4f3c96cdf2efc8db8fa115a35f7ea9… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2016-11-01T15:14:41+01:00 mi_datagram: safety check so the length of mi socket doesn't result in overflow --- Modified: modules/mi_datagram/mi_datagram.c --- Diff: https://github.com/kamailio/kamailio/commit/d4f3c96cdf2efc8db8fa115a35f7ea9… Patch: https://github.com/kamailio/kamailio/commit/d4f3c96cdf2efc8db8fa115a35f7ea9… --- diff --git a/modules/mi_datagram/mi_datagram.c b/modules/mi_datagram/mi_datagram.c index 3260420..a06e2f2 100644 --- a/modules/mi_datagram/mi_datagram.c +++ b/modules/mi_datagram/mi_datagram.c @@ -200,7 +200,7 @@ static int mi_mod_init(void) LM_ERR("invalid port number; must be in [1024,%d]\n",MAX_NB_PORT); return -1; } - + if(! (host = resolvehost(host_s)) ) { LM_ERR("failed to resolve %s\n", host_s); return -1; @@ -212,10 +212,10 @@ static int mi_mod_init(void) } mi_socket_domain = host->h_addrtype; goto done; - } + } /* in case of a Unix socket*/ LM_DBG("we have an UNIX socket\n"); - + n=stat(mi_socket, &filestat); if( n==0) { LM_INFO("the socket %s already exists, trying to delete it...\n", mi_socket); @@ -235,14 +235,14 @@ static int mi_mod_init(void) LM_WARN("cannot specify mi_unix_socket_mode = 0, forcing it to rw-------\n"); mi_unix_socket_mode = S_IRUSR| S_IWUSR; } - + if (mi_unix_socket_uid_s) { if (user2uid(&mi_unix_socket_uid, &mi_unix_socket_gid, mi_unix_socket_uid_s)<0) { LM_ERR("bad user name %s\n", mi_unix_socket_uid_s); return -1; } } - + if (mi_unix_socket_gid_s) { if (group2gid(&mi_unix_socket_gid, mi_unix_socket_gid_s)<0) { LM_ERR("bad group name %s\n", mi_unix_socket_gid_s); @@ -252,7 +252,11 @@ static int mi_mod_init(void) /*create the unix socket address*/ mi_dtgram_addr.unix_addr.sun_family = AF_LOCAL; - memcpy( mi_dtgram_addr.unix_addr.sun_path, mi_socket, strlen(mi_socket)); + if(strlen(mi_socket)>=sizeof(mi_dtgram_addr.unix_addr.sun_path)-1) { + LM_ERR("mi socket path is too long\n"); + return -1; + } + memcpy(mi_dtgram_addr.unix_addr.sun_path, mi_socket, strlen(mi_socket)); done: /* add space for extra processes */ @@ -369,7 +373,7 @@ static int mi_destroy(void) if (n==0) { if(config_check==0) { if (unlink(mi_socket)<0){ - LM_ERR("cannot delete the socket (%s): %s\n", + LM_ERR("cannot delete the socket (%s): %s\n", mi_socket, strerror(errno)); goto error; }