From ce6db8f286160fbf71c409416bd43c229b874601 Mon Sep 17 00:00:00 2001 From: akr Date: Wed, 17 Apr 2013 11:01:17 +0000 Subject: [PATCH] * ext/socket/rubysocket.h (SOCKLEN_MAX): Defined. * ext/socket/raddrinfo.c (ext/socket/raddrinfo.c): Reject too long Linux abstract socket name. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40335 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 7 +++++++ ext/socket/raddrinfo.c | 4 +++- ext/socket/rubysocket.h | 6 ++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1fd2db96a7..dddd53b789 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Wed Apr 17 20:00:18 2013 Tanaka Akira + + * ext/socket/rubysocket.h (SOCKLEN_MAX): Defined. + + * ext/socket/raddrinfo.c (ext/socket/raddrinfo.c): Reject too long + Linux abstract socket name. + Wed Apr 17 19:45:27 2013 Aman Gupta * iseq.c (iseq_location_setup): re-use existing string when iseq has diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c index d0d4d85c05..327218f222 100644 --- a/ext/socket/raddrinfo.c +++ b/ext/socket/raddrinfo.c @@ -450,8 +450,10 @@ rsock_unix_sockaddr_len(VALUE path) } else if (RSTRING_PTR(path)[0] == '\0') { /* abstract namespace; see unix(7) for details. */ + if (SOCKLEN_MAX - offsetof(struct sockaddr_un, sun_path) < (size_t)RSTRING_LEN(path)) + rb_raise(rb_eArgError, "Linux abstract socket too long"); return (socklen_t) offsetof(struct sockaddr_un, sun_path) + - RSTRING_LEN(path); + RSTRING_SOCKLEN(path); } else { #endif diff --git a/ext/socket/rubysocket.h b/ext/socket/rubysocket.h index 5369f566a4..1636a383cb 100644 --- a/ext/socket/rubysocket.h +++ b/ext/socket/rubysocket.h @@ -91,6 +91,12 @@ #ifndef HAVE_TYPE_SOCKLEN_T typedef int socklen_t; #endif + +#define SOCKLEN_MAX \ + (0 < (((socklen_t)0)-1) ? \ + ~(socklen_t)0 : \ + (((((socklen_t)1) << (sizeof(socklen_t) * CHAR_BIT - 2)) - 1) * 2 + 1)) + #ifndef RSTRING_SOCKLEN # define RSTRING_SOCKLEN (socklen_t)RSTRING_LENINT #endif