Fix for debian bug #975321

44 views
Skip to first unread message

Alexander Inyukhin

unread,
Nov 21, 2020, 2:10:05 PM11/21/20
to taskspooler
Hi!

Here is a quick fix for buffer overflow.
Please, review.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975321
0002-Quick-fix-for-Bug-975321.patch

Lluís Batlle i Rossell

unread,
Nov 21, 2020, 3:33:23 PM11/21/20
to tasks...@googlegroups.com
Thank you! Спасибо!

Do you need a new release for this?

Thank you,
Lluís.
> --
> You received this message because you are subscribed to the Google Groups "taskspooler" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to taskspooler...@googlegroups.com.
> To view this discussion on the web, visit https://groups.google.com/d/msgid/taskspooler/20201121191002.GA27037%40shurick.grid.su.

> From: Alexander Inyukhin <shu...@sectorb.msk.ru>
> Date: Sat, 21 Nov 2020 21:17:02 +0300
> Subject: Quick fix for Bug#975321
>
> Use strncpy to prevent buffer overflow.
> Check for name length.
> ---
> server_start.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/server_start.c b/server_start.c
> index 34465c5..6d8262b 100644
> --- a/server_start.c
> +++ b/server_start.c
> @@ -71,8 +71,11 @@ int try_connect(int s)
> struct sockaddr_un addr;
> int res;
>
> + memset(&addr, 0, sizeof(addr));
> addr.sun_family = AF_UNIX;
> - strcpy(addr.sun_path, socket_path);
> + strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path) - 1);
> + if (strcmp(socket_path, addr.sun_path))
> + error("Cannot create the socket '%s'. Probably, the name is too long.", socket_path);
>
> res = connect(s, (struct sockaddr *) &addr, sizeof(addr));
>

Alexander Inyukhin

unread,
Nov 21, 2020, 4:12:21 PM11/21/20
to tasks...@googlegroups.com
On Sat, Nov 21, 2020 at 09:33:21PM +0100, Lluís Batlle i Rossell wrote:
> Do you need a new release for this?

A new release will help a lot.
Reply all
Reply to author
Forward
0 new messages