qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: qemu-sockets: account for trailing \0 byte in unix socket pathname

From: Michael Tokarev
Subject: Re: qemu-sockets: account for trailing \0 byte in unix socket pathname
Date: Tue, 31 Aug 2021 20:17:09 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 
31.08.2021 01:54, Michael Tokarev wrote:

Linux kernel can return size of af_unix socket to be
one byte larger than sockaddr_un structure - adding
the trailing zero byte.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Fixes: 4cfd970ec188558daa6214f26203fe553fb1e01f (first in 6.1.0)
Cc: qemu-stable@nongnu.org

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index f2f3676d1f..83926dc2bc 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -1345,8 +1345,9 @@ socket_sockaddr_to_address_unix(struct sockaddr_storage 
*sa,
      SocketAddress *addr;
      struct sockaddr_un *su = (struct sockaddr_un *)sa;
+ /* kernel might have added \0 terminator to non-abstract socket */ 
      assert(salen >= sizeof(su->sun_family) + 1 &&
-           salen <= sizeof(struct sockaddr_un));
+           salen <= sizeof(struct sockaddr_un) + su->sun_path[0] ? 1 : 0);
addr = g_new0(SocketAddress, 1); 
      addr->type = SOCKET_ADDRESS_TYPE_UNIX;


Actually, this is not sufficient.

While this change fixes one issue (the famous trailing null byte \0),
the actual assertion failure occurs because salen = 2, ie, too SMALL,
not too large.

So it looks like libvirt provides an unnamed socket there, --
maybe from a socketpair(2)?

Hwell..

/mjt
reply via email to
[Prev in Thread] Current Thread [Next in Thread]