Alexandre Julliard (@julliard) commented about server/sock.c:
    if (*((struct WS_sockaddr_un *)&addr)->sun_path)
    {
        char *unix_path = (char *)(params + 1) + params->addr_len;
        char unix_path_copy[PATH_MAX];
        send_len -= strlen( unix_path ) + 1;
        strcpy(unix_path_copy, unix_path);
        if (chdir( dirname( unix_path_copy ) ) == -1)
        {
            set_error( sock_get_ntstatus( errno ) );
            return;
        }
        unix_len = sizeof(unix_addr.un);
        unix_addr.un.sun_family = AF_UNIX;
        memcpy( unix_addr.un.sun_path, basename( unix_path ), sizeof(unix_addr.un.sun_path) );
    }
You can't assume that the path is null-terminated. In fact it shouldn't be, you should use an explicit length instead. Please also avoid using fixed-length buffers and dirname/basename.
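As an illustration of the shape the reviewer is asking for, here is an added example (not Wine's code and not from the merge request): the path arrives as a pointer plus an explicit byte count, is never assumed to be NUL-terminated, is split into directory and final component without dirname()/basename() or a PATH_MAX buffer, and the final component is checked against the size of sun_path before it would be copied. The function names split_path, free_path_parts and fits_sun_path are this example's own.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/un.h>

/* Result of splitting a length-delimited path; both strings are heap
 * allocated and NUL-terminated so they can be passed to chdir()/bind(). */
struct path_parts
{
    char *dir;   /* directory part, "." when the path has none */
    char *base;  /* final component, never empty on success */
};

/* Copy exactly `len` bytes from `s` into a fresh NUL-terminated buffer.
 * Reads no byte beyond s + len, so the input itself need not be terminated. */
static char *dup_n( const char *s, size_t len )
{
    char *copy = malloc( len + 1 );
    if (!copy) return NULL;
    memcpy( copy, s, len );
    copy[len] = 0;
    return copy;
}

/* Split `path` (exactly `len` bytes, possibly not NUL-terminated) into a
 * directory and a base name.  Returns 0 on success, -1 on failure.
 * Unlike dirname()/basename() it does not modify its input and uses no
 * static storage.  Trailing slashes are stripped, "a//b" collapses to
 * dir "a", and an embedded NUL or an empty final component is rejected. */
int split_path( const char *path, size_t len, struct path_parts *out )
{
    size_t end = len, slash;

    out->dir = out->base = NULL;
    if (len && memchr( path, 0, len )) return -1;   /* embedded NUL: untrusted input */

    while (end > 1 && path[end - 1] == '/') end--;  /* strip trailing slashes */

    slash = end;                                    /* index just past the last '/' */
    while (slash > 0 && path[slash - 1] != '/') slash--;

    if (end == slash) return -1;                    /* no final component ("" or "/") */

    if (slash == 0)                                 /* bare name: directory is "." */
    {
        out->dir  = dup_n( ".", 1 );
        out->base = dup_n( path, end );
    }
    else
    {
        size_t dir_end = slash - 1;                 /* position of the separating '/' */
        while (dir_end > 0 && path[dir_end - 1] == '/') dir_end--;
        if (dir_end == 0) dir_end = 1;              /* keep "/" for absolute paths at root */
        out->dir  = dup_n( path, dir_end );
        out->base = dup_n( path + slash, end - slash );
    }
    if (!out->dir || !out->base)
    {
        free( out->dir ); free( out->base );
        out->dir = out->base = NULL;
        return -1;
    }
    return 0;
}

void free_path_parts( struct path_parts *p )
{
    free( p->dir ); free( p->base );
    p->dir = p->base = NULL;
}

/* 1 if `base` (NUL-terminated) fits in sun_path together with its
 * terminator, so a bounded copy cannot truncate or over-read. */
int fits_sun_path( const char *base )
{
    struct sockaddr_un un;
    return strlen( base ) < sizeof(un.sun_path);
}
```

The length passed to split_path would come from the request itself (the bytes that follow the address, as the reviewer suggests) rather than from strlen() on the buffer; everything after that point only ever handles the two bounded, terminated copies.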