From 7299ad523bb26c82e0bb922a11df0a140038dba4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?=
Date: Wed, 22 Jun 2022 10:46:46 +0200
Subject: [PATCH] nix-find-roots: Properly fail if the socket filename is too long

Otherwise we get a buffer overflow, and bad things can happen
---
 src/nix-find-roots/main.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/nix-find-roots/main.cc b/src/nix-find-roots/main.cc
index 329353644..6de5efa69 100644
--- a/src/nix-find-roots/main.cc
+++ b/src/nix-find-roots/main.cc
@@ -124,6 +124,8 @@ int main(int argc, char * * argv)
 chdir(socketDir.c_str());
 fs::remove(socketFilename);
+ if (socketFilename.string().size() + 1 >= sizeof(addr.sun_path))
+ throw Error("socket path '" + socketFilename.string() + "' is too long");
 strcpy(addr.sun_path, socketFilename.c_str());
 if (bind(mySock, (struct sockaddr*) &addr, sizeof(addr)) == -1) {
 throw Error("Cannot bind to socket");
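Review bot: The length check is placed after `fs::remove(socketFilename);`, so a path that is then rejected as too long has already had its existing file removed; moving the two added lines above the `fs::remove` call would put the validation before any side effect. The copy is still an unbounded `strcpy`, safe only while this guard stays directly in front of it, so a short comment such as `// sun_path is a fixed-size array; size() + 1 accounts for the terminating NUL` would help keep the two together. The `>=` comparison also rejects a name that would fit exactly with its NUL, which is harmless but worth noting in that comment if it is intended. The body of `main` starts and ends outside the hunk, so whether `addr` is zero-initialised before the copy cannot be checked from here.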