socket-util-unix: Avoid buffer read overrun in get_unix_name_len().

If the socket length does not include any of the bytes of the path, then the code should not read even the first byte of the path. Found by valgrind. Reported-by: Joe Stringer <[email protected]> Signed-off-by: Ben Pfaff <[email protected]> Acked-by: Thadeu Lima de Souza Cascardo <[email protected]> Acked-by: Joe Stringer <[email protected]>
water0615 · Sep 15, 2016 · dad69cc · dad69cc
1 parent ccc6e1d
commit dad69cc
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/socket-util-unix.c b/lib/socket-util-unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014 Nicira, Inc.
+ * Copyright (c) 2014, 2016 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -389,7 +389,7 @@ make_unix_socket(int style, bool nonblock,
 int
 get_unix_name_len(const struct sockaddr_un *sun, socklen_t sun_len)
 {
-    return (sun_len >= offsetof(struct sockaddr_un, sun_path) &&
+    return (sun_len > offsetof(struct sockaddr_un, sun_path) &&
             sun->sun_path[0] != 0
             ? sun_len - offsetof(struct sockaddr_un, sun_path)
             : 0);