Subject: bin/3369: inetd; some changes about unix domain socket service; allow
To: None <gnats-bugs@gnats.netbsd.org>
From: None <enami@ba2.so-net.or.jp>
List: netbsd-bugs
Date: 03/20/1997 20:02:49
>Number: 3369
>Category: bin
>Synopsis: inetd; some changes about unix domain socket service; allow service name length up to sizeof (sun_path) and signal an error if service name is longer than it.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu Mar 20 14:50:01 1997
>Last-Modified:
>Originator: enami tsugutomo
>Organization:
an individual
>Release: NetBSD-current 1997 Mar. 18
>Environment:
System: NetBSD pavlov.enami.ba2.so-net.or.jp 1.2D NetBSD 1.2D (PAVLOV) #200: Thu Mar 20 11:01:57 JST 1997 enami@pavlov.enami.ba2.so-net.or.jp:/b/netbsd/kernel/compile/PAVLOV i386
>Description:
Since SUN_LEN() isn't used to determin the length of UNIX domain
socket name, there is no reason to restrict the length of socket
name to sizeof (sun_path) - 1.
Also, currently inetd silently chop the service name off to sizeof
(sun_path) - 1, but I think it should signal an error instead because
chopped name is not the user intended one.
>How-To-Repeat:
Read the source.
>Fix:
Here is a patch
* to check the length against sizeof (sun_path) instead of
sizeof (sun_path) - 1.
* to signal an error if the length of given service name
is greater than sizeof (sun_path).
Index: inetd.c
===================================================================
RCS file: /a/cvsroot/NetBSD/src/usr.sbin/inetd/inetd.c,v
retrieving revision 1.1.1.12
diff -u -r1.1.1.12 inetd.c
--- inetd.c 1997/03/19 15:33:27 1.1.1.12
+++ inetd.c 1997/03/20 10:27:40
@@ -758,10 +758,14 @@
case AF_UNIX:
if (sep->se_fd != -1)
break;
- (void)unlink(sep->se_service);
n = strlen(sep->se_service);
- if (n > sizeof(sep->se_ctrladdr_un.sun_path) - 1)
- n = sizeof(sep->se_ctrladdr_un.sun_path) - 1;
+ if (n > sizeof(sep->se_ctrladdr_un.sun_path)) {
+ syslog(LOG_ERR, "%s: address too long",
+ sep->se_service);
+ sep->se_checked = 0;
+ continue;
+ }
+ (void)unlink(sep->se_service);
strncpy(sep->se_ctrladdr_un.sun_path,
sep->se_service, n);
sep->se_ctrladdr_un.sun_family = AF_UNIX;
>Audit-Trail:
>Unformatted: