[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 118d52: qemu-sockets: fix unix socket path co

From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 118d52: qemu-sockets: fix unix socket path copy (again)
Date: Tue, 07 Sep 2021 05:23:32 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 118d527f2e4baec5fe8060b22a6212468b8e4d3f
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2021-09-06 (Mon, 06 Sep 2021)

  Changed paths:
    M util/qemu-sockets.c

  Log Message:
  qemu-sockets: fix unix socket path copy (again)

Commit 4cfd970ec188558daa6214f26203fe553fb1e01f added an
assert which ensures the path within an address of a unix
socket returned from the kernel is at least one byte and
does not exceed sun_path buffer. Both of this constraints
are wrong:

A unix socket can be unnamed, in this case the path is
completely empty (not even \0)

And some implementations (notable linux) can add extra
trailing byte (\0) _after_ the sun_path buffer if we
passed buffer larger than it (and we do).

So remove the assertion (since it causes real-life breakage)
but at the same time fix the usage of sun_path. Namely,
we should not access sun_path[0] if kernel did not return
it at all (this is the case for unnamed sockets),
and use the returned salen when copyig actual path as an
upper constraint for the amount of bytes to copy - this
will ensure we wont exceed the information provided by
the kernel, regardless whenever there is a trailing \0
or not. This also helps with unnamed sockets.

Note the case of abstract socket, the sun_path is actually
a blob and can contain \0 characters, - it should not be
passed to g_strndup and the like, it should be accessed by
memcpy-like functions.

Fixes: 4cfd970ec188558daa6214f26203fe553fb1e01f
Fixes: http://bugs.debian.org/993145
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
CC: qemu-stable@nongnu.org

  Commit: a61c30b8c8c3c8619847cfaa289233cc696f5689
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-09-07 (Tue, 07 Sep 2021)

  Changed paths:
    M util/qemu-sockets.c

  Log Message:
  Merge remote-tracking branch 'remotes/mjt/tags/patch-fetch' into staging

qemu-socket unix socket bugfix 2021-09-06

# gpg: Signature made Mon 06 Sep 2021 16:19:32 BST
# gpg:                using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59
# gpg:                issuer "mjt@tls.msk.ru"
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [full]
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>" [full]
# gpg:                 aka "Michael Tokarev <mjt@debian.org>" [full]
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59

* remotes/mjt/tags/patch-fetch:
  qemu-sockets: fix unix socket path copy (again)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Compare: https://github.com/qemu/qemu/compare/935efca6c246...a61c30b8c8c3

reply via email to

[Prev in Thread] Current Thread [Next in Thread]