PERFORCE change 163575 for review

Stacey Son sson at FreeBSD.org
Fri Jun 5 15:54:33 UTC 2009 

http://perforce.freebsd.org/chv.cgi?CH=163575

Change 163575 by sson at sson_amd64 on 2009/06/05 15:54:10

	Fix parsing bug for AUT_SOCKUNIX tokens.	
	
	fetch_sock_unix_tok() assumes that the path component of
	AUT_SOCKUNIX is a fixed length when is actually a variable
	length.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#63 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#63 (text+ko) ====

@@ -32,7 +32,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#62 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#63 $
  */
 
 #include <sys/types.h>
@@ -3176,19 +3176,25 @@
 
 /*
  * socket family           2 bytes
- * path                    104 bytes
+ * path                    (up to) 104 bytes + NULL (NULL terminated string).
  */
 static int
 fetch_sock_unix_tok(tokenstr_t *tok, u_char *buf, int len)
 {
 	int err = 0;
+	u_char *p;
+	int slen;
+
 
 	READ_TOKEN_U_INT16(buf, len, tok->tt.sockunix.family, tok->len, err);
 	if (err)
 		return (-1);
 
-	READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, 104, tok->len,
-	    err);
+	/* slen = strnlen((buf + tok->len), 104) + 1; */
+	p = (u_char *)memchr((const void *)(buf + tok->len), '\0', 104);
+	slen = (p ? (int)(p - (buf + tok->len))  : 104) + 1; 
+
+	READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, slen, tok->len, err);
 	if (err)
 		return (-1);
 

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 (text+ko) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#92 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 $
  */
 
 #include <sys/types.h>
@@ -996,7 +996,7 @@
 /*
  * token ID                1 byte
  * socket family           2 bytes
- * path                    104 bytes
+ * path                    (up to) 104 bytes + NULL  (NULL terminated string)
  */
 token_t *
 au_to_sock_unix(struct sockaddr_un *so)

More information about the p4-projects mailing list