Coverity complains that e don't check for a truncation when copying in
the path. Bail if we can't copy the whole path into sockaddr.
Fixes: CID 1519045
Fixes: CID 1519046
Signed-off-by: Alex Bennée <alex.ben...@linaro.org>
---
contrib/plugins/lockstep.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/contrib/plugins/lockstep.c b/contrib/plugins/lockstep.c
index 682b11feb2..f0cb8792c6 100644
--- a/contrib/plugins/lockstep.c
+++ b/contrib/plugins/lockstep.c
@@ -245,6 +245,7 @@ static void vcpu_tb_trans(qemu_plugin_id_t id, struct
qemu_plugin_tb *tb)
static bool setup_socket(const char *path)
{
struct sockaddr_un sockaddr;
+ const gsize pathlen = sizeof(sockaddr.sun_path) - 1;
int fd;
fd = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -254,7 +255,11 @@ static bool setup_socket(const char *path)
}
sockaddr.sun_family = AF_UNIX;
- g_strlcpy(sockaddr.sun_path, path, sizeof(sockaddr.sun_path) - 1);
+ if (g_strlcpy(sockaddr.sun_path, path, pathlen) >= pathlen) {
+ perror("bad path");
+ return false;
+ }
+
if (bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) < 0) {
perror("bind socket");
close(fd);
@@ -287,6 +292,7 @@ static bool connect_socket(const char *path)
{
int fd;
struct sockaddr_un sockaddr;
+ const gsize pathlen = sizeof(sockaddr.sun_path) - 1;
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0) {
@@ -295,7 +301,10 @@ static bool connect_socket(const char *path)
}
sockaddr.sun_family = AF_UNIX;
- g_strlcpy(sockaddr.sun_path, path, sizeof(sockaddr.sun_path) - 1);
+ if (g_strlcpy(sockaddr.sun_path, path, pathlen) >= pathlen) {
+ perror("bad path");
+ return false;
+ }
if (connect(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) < 0) {
perror("failed to connect");
--
2.39.2
