Subject: bin/3369: inetd; some changes about unix domain socket service; allow
To: None <gnats-bugs@gnats.netbsd.org>
From: None <enami@ba2.so-net.or.jp>
List: netbsd-bugs
Date: 03/20/1997 20:02:49
>Number:         3369
>Category:       bin
>Synopsis:       inetd; some changes about unix domain socket service; allow service name length up to sizeof (sun_path) and signal an error if service name is longer than it.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 20 14:50:01 1997
>Last-Modified:
>Originator:     enami tsugutomo
>Organization:
	an individual
>Release:        NetBSD-current 1997 Mar. 18
>Environment:
System: NetBSD pavlov.enami.ba2.so-net.or.jp 1.2D NetBSD 1.2D (PAVLOV) #200: Thu Mar 20 11:01:57 JST 1997 enami@pavlov.enami.ba2.so-net.or.jp:/b/netbsd/kernel/compile/PAVLOV i386


>Description:
	Since SUN_LEN() isn't used to determine the length of the UNIX domain
	socket name, there is no reason to restrict the length of the socket
	name to sizeof (sun_path) - 1.

	Also, currently inetd silently chops the service name off to sizeof
	(sun_path) - 1, but I think it should signal an error instead because
	the chopped name is not the one the user intended.

>How-To-Repeat:
	Read the source.
>Fix:
	Here is a patch
		*  to check the length against sizeof (sun_path) instead of
		sizeof (sun_path) - 1.
		*  to signal an error if the length of given service name
		is greater than sizeof (sun_path).

Index: inetd.c
===================================================================
RCS file: /a/cvsroot/NetBSD/src/usr.sbin/inetd/inetd.c,v
retrieving revision 1.1.1.12
diff -u -r1.1.1.12 inetd.c
--- inetd.c	1997/03/19 15:33:27	1.1.1.12
+++ inetd.c	1997/03/20 10:27:40
@@ -758,10 +758,14 @@
 		case AF_UNIX:
 			if (sep->se_fd != -1)
 				break;
-			(void)unlink(sep->se_service);
 			n = strlen(sep->se_service);
-			if (n > sizeof(sep->se_ctrladdr_un.sun_path) - 1)
-				n = sizeof(sep->se_ctrladdr_un.sun_path) - 1;
+			if (n > sizeof(sep->se_ctrladdr_un.sun_path)) {
+				syslog(LOG_ERR, "%s: address too long",
+				    sep->se_service);
+				sep->se_checked = 0;
+				continue;
+			}
+			(void)unlink(sep->se_service);
 			strncpy(sep->se_ctrladdr_un.sun_path,
 			    sep->se_service, n);
 			sep->se_ctrladdr_un.sun_family = AF_UNIX;
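Review bot: the new bound `if (n > sizeof(sep->se_ctrladdr_un.sun_path))` accepts n equal to sizeof(sun_path), and the strncpy(..., n) that follows then fills sun_path completely with no terminating NUL. That is only safe if every later consumer of the address takes an explicit length; these lines do not show how the length passed to bind() is computed or whether sun_path is later read as a C string, so either state that in the change description or keep the limit at sizeof(sun_path) - 1 while retaining the new error path. Because strncpy with n = strlen() never writes a NUL even for shorter names, a comment saying what guarantees the bytes after the name are zero would help, as would one explaining why `sep->se_checked = 0` is set before `continue`. Moving the unlink() below the length check is a good change, since a rejected name no longer has its path removed.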
>Audit-Trail:
>Unformatted: