[Spice-devel] [spice-gtk 2/4] coverity: avoid string overflow
Fabiano FidĂȘncio
fidencio at redhat.com
Mon Apr 4 07:59:52 UTC 2016
sockaddr_un.sun_path has 108 bytes, while pipe_name has
PIPE_NAME_MAX_LEN (256 bytes)
---
src/controller/test.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/controller/test.c b/src/controller/test.c
index 9a45581..649aca5 100644
--- a/src/controller/test.c
+++ b/src/controller/test.c
@@ -233,6 +233,12 @@ int main (int argc, char *argv[])
snprintf (pipe_name, PIPE_NAME_MAX_LEN, PIPE_NAME);
printf ("Creating a controller connection %s\n", pipe_name);
struct sockaddr_un remote;
+
+ if (strlen(pipe_name) + 1 > sizeof(remote.sun_path)) {
+ printf ("address is too long for unix socket_path: %s", pipe_name);
+ return -1;
+ }
+
if ((sock = socket (AF_UNIX, SOCK_STREAM, 0)) == -1) {
printf ("Could not open socket, (%d) %s\n", errno, strerror(errno));
return -1;
--
2.7.3
More information about the Spice-devel
mailing list