On Wed, Sep 14, 2016 at 08:39:03PM -0700, Ben Pfaff wrote:
> If the socket length does not include any of the bytes of the path, then
> the code should not read even the first byte of the path.
>
> Found by valgrind.
>
> CC: Thadeu Lima de Souza Cascardo <casca...@redhat.com>
> Reported-by: Joe Stringer <j...@ovn.org>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
Acked-by: Thadeu Lima de Souza Cascardo <casca...@redhat.com>
> ---
> lib/socket-util-unix.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lib/socket-util-unix.c b/lib/socket-util-unix.c
> index 5d4b88c..59f63fc 100644
> --- a/lib/socket-util-unix.c
> +++ b/lib/socket-util-unix.c
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 2014 Nicira, Inc.
> + * Copyright (c) 2014, 2016 Nicira, Inc.
> *
> * Licensed under the Apache License, Version 2.0 (the "License");
> * you may not use this file except in compliance with the License.
> @@ -389,7 +389,7 @@ error:
> int
> get_unix_name_len(const struct sockaddr_un *sun, socklen_t sun_len)
> {
> - return (sun_len >= offsetof(struct sockaddr_un, sun_path) &&
> + return (sun_len > offsetof(struct sockaddr_un, sun_path) &&
> sun->sun_path[0] != 0
> ? sun_len - offsetof(struct sockaddr_un, sun_path)
> : 0);
> --
> 2.1.3
>
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
