On 10/7/2020 4:03 PM, Stephen Hemminger wrote:
On Mon, 5 Oct 2020 14:39:00 +0200
Jakub Grajciar <jgraj...@cisco.com> wrote:

@@ -886,7 +886,12 @@ memif_socket_create(char *key, uint8_t listener)
                        goto error;
un.sun_family = AF_UNIX;
-               strlcpy(un.sun_path, sock->filename, MEMIF_SOCKET_UN_SIZE);
+               if (is_abstract) {
+                       // abstract address
No C++ comments please.

+                       un.sun_path[0] = '\0';
Already set to zero when initialized.

+       if (pmd->flags & ETH_MEMIF_FLAG_SOCKET_ABSTRACT) {
+               // abstract address
ditto no C++ comments

+               sun.sun_path[0] = '\0';
again zeroed again

+               memcpy(sun.sun_path + 1, pmd->socket_filename, 
sizeof(sun.sun_path) - 2);
+       } else
+               memcpy(sun.sun_path, pmd->socket_filename, sizeof(sun.sun_path) 
- 1);
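Review bot: In both memcpy() calls of this hunk the length is fixed by sizeof(sun.sun_path) rather than by the length of pmd->socket_filename, so in the abstract branch any bytes read from beyond the string's terminator are written to sun.sun_path + 1. An abstract address is delimited by the address length given to bind()/connect() and not by a NUL byte, so if that length (not visible in this hunk) covers the whole structure, those stray bytes become part of the socket name and the two ends may fail to match. Copy only strlen(pmd->socket_filename) bytes after checking that it fits, and derive the address length from that count. The else branch is also unbraced while the if branch is braced; brace both.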

This code is buggy since it potentially reads past the end of the string in
filename.
Use strlcpy here instead.


Hi Jakub,

v2 is still using memcpy, have you seen Stephen's comment above?
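
The bounded copy discussed in this thread, as an added example that is not part of the patch or of DPDK: a hypothetical helper `fill_unix_addr()` fills a `sockaddr_un` for a filesystem or abstract address without reading past the end of the name, and returns the address length to pass to `bind()`/`connect()`. It uses a `strlen()`-bounded `memcpy()` in place of `strlcpy()` and rejects over-long names instead of truncating; the socket names are constructed samples and Linux abstract-socket semantics are assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * Hypothetical helper (not DPDK code): fill *sun for a filesystem or
 * abstract AF_UNIX address. Returns the length to pass to
 * bind()/connect(), or 0 if the name is empty or does not fit.
 */
static socklen_t
fill_unix_addr(struct sockaddr_un *sun, const char *name, int is_abstract)
{
	size_t len = strlen(name);		/* bytes actually present in name */
	size_t off = is_abstract ? 1 : 0;	/* abstract: sun_path[0] stays '\0' */
	/* A filesystem path also needs room for its terminating '\0'. */
	size_t room = sizeof(sun->sun_path) - off - (is_abstract ? 0 : 1);

	if (len == 0 || len > room)
		return 0;	/* reject instead of silently truncating */

	memset(sun, 0, sizeof(*sun));
	sun->sun_family = AF_UNIX;
	/* Copy exactly len bytes, so the read never runs past name's end. */
	memcpy(sun->sun_path + off, name, len);

	if (is_abstract)	/* length-delimited: count only the bytes in use */
		return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + len);
	return (socklen_t)sizeof(*sun);
}

int
main(void)
{
	struct sockaddr_un sun;

	/* Constructed sample names, for illustration only. */
	printf("abstract len: %u\n",
	       (unsigned)fill_unix_addr(&sun, "memif.sock", 1));
	printf("path len:     %u\n",
	       (unsigned)fill_unix_addr(&sun, "/tmp/memif.sock", 0));
	return 0;
}
```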
