On Thu, Jun 27, 2024 at 10:46:41PM +0200, Stefano Brivio wrote:
> UNIX_SOCK_MAX is the maximum number we'll append to the socket path
> if we generate it automatically. If it's given on the command line,
> it can be up to UNIX_PATH_MAX (including the terminating character)
> long.
> 
> UNIX_SOCK_MAX happened to kind of fit because it's 100 (instead of
> 108).
> 
> Commit ceddcac74a6e ("conf, tap: False "Buffer not null terminated"
> positives, CWE-170") fixed the wrong problem: the right fix for the
> problem at hand was actually commit cc287af173ca ("conf: Fix
> incorrect bounds checking for sock_path parameter").
> 
> Fixes: ceddcac74a6e ("conf, tap: False "Buffer not null terminated" positives, CWE-170")
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>


> ---
>  conf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/conf.c b/conf.c
> index 9e47e9a..3c38ceb 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -1398,7 +1398,7 @@ void conf(struct ctx *c, int argc, char **argv)
>  			c->foreground = 1;
>  			break;
>  		case 's':
> -			ret = snprintf(c->sock_path, UNIX_SOCK_MAX - 1, "%s",
> +			ret = snprintf(c->sock_path, sizeof(c->sock_path), "%s",
>  				       optarg);
>  			if (ret <= 0 || ret >= (int)sizeof(c->sock_path))
>  				die("Invalid socket path: %s", optarg);

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson