[vlc-devel] [PATCH v2 1/2] control: rc: avoid sun_path longer than expected

Alexandre Janniaux ajanni at videolabs.io
Mon Jan 20 16:44:43 CET 2020


The path in the description of a UNIX domain socket address is limited
to a fixed size, so avoid truncating the provided path if it's longer
than the corresponding sockaddr_un field and return an error while
emitting the corresponding error message.
---
 modules/control/rc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/control/rc.c b/modules/control/rc.c
index cd85602d59..86ee873030 100644
--- a/modules/control/rc.c
+++ b/modules/control/rc.c
@@ -1722,6 +1722,14 @@ static int Activate( vlc_object_t *p_this )
 
         msg_Dbg( p_intf, "trying UNIX socket" );
 
+        /* The given unix path cannot be longer than sun_path - 1 to take into
+         * account the terminated null character. */
+        if ( strlen(psz_unix_path) + 1 >= sizeof( addr.sun_path ) )
+        {
+            msg_Err( p_intf, "rc-unix value is longer than expected" );
+            return VLC_EGENERIC;
+        }
+
         if( (i_socket = vlc_socket( PF_LOCAL, SOCK_STREAM, 0, false ) ) < 0 )
         {
             msg_Warn( p_intf, "can't open socket: %s", vlc_strerror_c(errno) );
-- 
2.25.0



More information about the vlc-devel mailing list