Properly check the lengths of Unix-socket pathnames.

If something is too long to fit in a sun_addr, we should spot that well in advance and not try.
2025-07-05 21:42:47 -05:00 · 2017-02-14 21:59:52 +00:00
parent a146ab2e7a
commit bec33b2311
2 changed files with 4 additions and 3 deletions
--- a/unix/uxagentc.c
+++ b/unix/uxagentc.c
@ -134,7 +134,7 @@ agent_pending_query *agent_query(
    agent_pending_query *conn;

    name = getenv("SSH_AUTH_SOCK");
-    if (!name)
+    if (!name || strlen(name) >= sizeof(addr.sun_path))
 	goto failure;

    sock = socket(PF_UNIX, SOCK_STREAM, 0);
@ -146,7 +146,7 @@ agent_pending_query *agent_query(
    cloexec(sock);

    addr.sun_family = AF_UNIX;
-    strncpy(addr.sun_path, name, sizeof(addr.sun_path));
+    strcpy(addr.sun_path, name);
    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
 	close(sock);
 	goto failure;