[vlc-commits] control: rc: avoid sun_path longer than expected

[Alexandre Janniaux]

vlc | branch: master | Alexandre Janniaux <ajanni at videolabs.io> | Mon Jan 20 16:44:43 2020 +0100| [605fbc81afa5ae9d8f4529d2a780e3db2fdcec73] | committer: Jean-Baptiste Kempf

control: rc: avoid sun_path longer than expected

The path in the description of a UNIX domain socket address is limited
to a fixed size, so avoid truncating the provided path if it's longer
than the corresponding sockaddr_un field and return an error while
emitting the corresponding error message.

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=605fbc81afa5ae9d8f4529d2a780e3db2fdcec73
---

 modules/control/rc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/control/rc.c b/modules/control/rc.c
index cd85602d59..86ee873030 100644
--- a/modules/control/rc.c
+++ b/modules/control/rc.c
@@ -1722,6 +1722,14 @@ static int Activate( vlc_object_t *p_this )
 
         msg_Dbg( p_intf, "trying UNIX socket" );
 
+        /* The given unix path cannot be longer than sun_path - 1 to take into
+         * account the terminated null character. */
+        if ( strlen(psz_unix_path) + 1 >= sizeof( addr.sun_path ) )
+        {
+            msg_Err( p_intf, "rc-unix value is longer than expected" );
+            return VLC_EGENERIC;
+        }
+
         if( (i_socket = vlc_socket( PF_LOCAL, SOCK_STREAM, 0, false ) ) < 0 )
         {
             msg_Warn( p_intf, "can't open socket: %s", vlc_strerror_c(errno) );