authorJune McEnroe <june@causal.agency>2019-11-20 13:39:25 -0500
committerJune McEnroe <june@causal.agency>2019-11-20 13:39:25 -0500
commitdb43450638ae9875619ce5c5a5e821990dd68c9f (patch)
treec4cf4986e21e5a577297ef7a36a2aac08e86d0a2
parentFormat milliseconds as int (diff)
Use strlcpy for sun_paths
My understanding is that sun_path need not be nul-terminated, but I
didn't notice that SUN_LEN actually requires it.

> The length of UNIX-domain address, required by bind(2) and connect(2),
> can be calculated by the macro SUN_LEN() defined in <sys/un.h>.  The
> sun_path field must be terminated by a NUL character to be used with
> SUN_LEN(), but the terminating NUL is not part of the address.

Thanks to Duncan Overbruck <mail@duncano.de> for the report.
-rw-r--r--dispatch.c2
-rw-r--r--local.c4
2 files changed, 3 insertions, 3 deletions
diff --git a/dispatch.c b/dispatch.c
index e80f297..d762105 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -288,7 +288,7 @@ int main(int argc, char *argv[]) {
 			}
 
 			struct sockaddr_un addr = { .sun_family = AF_UNIX };
-			strncpy(addr.sun_path, name, sizeof(addr.sun_path));
+			strlcpy(addr.sun_path, name, sizeof(addr.sun_path));
 
 			int sock = socket(PF_UNIX, SOCK_STREAM, 0);
 			if (sock < 0) err(EX_OSERR, "socket");
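Review bot: The return value of `strlcpy` is discarded on the added line, so a `name` that does not fit in `addr.sun_path` is silently truncated and the address then names a different socket path than the one requested. The local.c hunk of this same commit rejects that case, and the same guard fits here: `size_t len = strlcpy(addr.sun_path, name, sizeof(addr.sun_path));` followed by `if (len >= sizeof(addr.sun_path)) { /* reject this name */ }`. Where `name` comes from and how `addr` is used are outside the hunk (main's body continues on both sides), so the right way to report the rejection has to be decided against the surrounding loop. If `name` can be influenced by a peer, the truncation check matters more, because an over-long name would otherwise be mapped onto a shorter path.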
diff --git a/local.c b/local.c
index eccd2e6..6ef452b 100644
--- a/local.c
+++ b/local.c
@@ -131,10 +131,10 @@ size_t localUnix(int fds[], size_t cap, const char *path) {
 	if (sock < 0) err(EX_OSERR, "socket");
 
 	struct sockaddr_un addr = { .sun_family = AF_UNIX };
-	if (strlen(path) > sizeof(addr.sun_path)) {
+	size_t len = strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
+	if (len >= sizeof(addr.sun_path)) {
 		errx(EX_CONFIG, "path too long: %s", path);
 	}
-	strncpy(addr.sun_path, path, sizeof(addr.sun_path));
 
 	int error = bind(sock, (struct sockaddr *)&addr, SUN_LEN(&addr));
 	if (error) err(EX_UNAVAILABLE, "%s", path);
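Review bot: An empty `path` still passes the new length check, since `strlcpy` returns 0 and `SUN_LEN(&addr)` then covers only the bytes before `sun_path`. On Linux a bind(2) with an address length of `sizeof(sa_family_t)` autobinds the socket to an abstract address rather than failing, so the misconfiguration would go unnoticed there; other systems may simply return an error. Whether callers can pass an empty string is not visible in this hunk (localUnix starts above it and continues below), but an explicit early check such as `if (!len) errx(EX_CONFIG, "empty socket path");` would make the behaviour the same everywhere. A one-line comment above the check, for example `// strlcpy returns strlen(path); SUN_LEN needs the terminating NUL`, would also record why the comparison is `>=`.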