[Spice-devel] [spice-gtk 2/4] coverity: avoid string overflow
Fabiano FidĂȘncio
fidencio at redhat.com
Mon Apr 25 06:06:44 UTC 2016
On Mon, Apr 4, 2016 at 9:59 AM, Fabiano FidĂȘncio <fidencio at redhat.com> wrote:
> sockaddr_un.sun_path has 108 bytes, while pipe_name has
> PIPE_NAME_MAX_LEN (256 bytes)
> ---
> src/controller/test.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/src/controller/test.c b/src/controller/test.c
> index 9a45581..649aca5 100644
> --- a/src/controller/test.c
> +++ b/src/controller/test.c
> @@ -233,6 +233,12 @@ int main (int argc, char *argv[])
> snprintf (pipe_name, PIPE_NAME_MAX_LEN, PIPE_NAME);
> printf ("Creating a controller connection %s\n", pipe_name);
> struct sockaddr_un remote;
> +
> + if (strlen(pipe_name) + 1 > sizeof(remote.sun_path)) {
> + printf ("address is too long for unix socket_path: %s", pipe_name);
> + return -1;
> + }
> +
> if ((sock = socket (AF_UNIX, SOCK_STREAM, 0)) == -1) {
> printf ("Could not open socket, (%d) %s\n", errno, strerror(errno));
> return -1;
> --
> 2.7.3
>
ping?
More information about the Spice-devel
mailing list