On Mon, 5 Oct 2020 14:39:00 +0200 Jakub Grajciar <jgraj...@cisco.com> wrote:
> @@ -886,7 +886,12 @@ memif_socket_create(char *key, uint8_t listener) > goto error; > > un.sun_family = AF_UNIX; > - strlcpy(un.sun_path, sock->filename, MEMIF_SOCKET_UN_SIZE); > + if (is_abstract) { > + // abstract address No C++ comments please. > + un.sun_path[0] = '\0'; Already set to zero when initialized. > + if (pmd->flags & ETH_MEMIF_FLAG_SOCKET_ABSTRACT) { > + // abstract address ditto no C++ comments > + sun.sun_path[0] = '\0'; again zeroed again > + memcpy(sun.sun_path + 1, pmd->socket_filename, > sizeof(sun.sun_path) - 2); > + } else > + memcpy(sun.sun_path, pmd->socket_filename, sizeof(sun.sun_path) > - 1); This code is buggy since it potentially reads past the end of the string in filename. Use strlcpy here instead.
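Review bot: The fixed-length read is present in both branches of the pmd->flags hunk, not only in the else: memcpy(sun.sun_path + 1, pmd->socket_filename, sizeof(sun.sun_path) - 2) takes its length from the destination, so it reads that many bytes from pmd->socket_filename however short the string is. Bounding the copy by the source string, for example strlcpy(sun.sun_path + 1, pmd->socket_filename, sizeof(sun.sun_path) - 1) in the abstract branch and strlcpy(sun.sun_path, pmd->socket_filename, sizeof(sun.sun_path)) in the else, removes the over-read and keeps the result terminated. Because an abstract name is delimited by the address length passed to bind() or connect() rather than by a NUL, the length computation, which is not visible in the quoted lines, should be checked so that it covers only the leading '\0' plus the name and not the zero padding. The else branch also lacks the braces that the if branch has.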