git:master:d4f3c96c: mi_datagram: safety check so the length of mi socket doesn't result in overflow - sr-dev

1 Nov 2016

Module: kamailio
Branch: master
Commit: d4f3c96cdf2efc8db8fa115a35f7ea9545ea4c9f
URL: https://github.com/kamailio/kamailio/commit/d4f3c96cdf2efc8db8fa115a35f7ea95...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2016-11-01T15:14:41+01:00
mi_datagram: safety check so the length of mi socket doesn't result in overflow
---
Modified: modules/mi_datagram/mi_datagram.c
---
Diff:  https://github.com/kamailio/kamailio/commit/d4f3c96cdf2efc8db8fa115a35f7ea95...
Patch: https://github.com/kamailio/kamailio/commit/d4f3c96cdf2efc8db8fa115a35f7ea95...
---

diff --git a/modules/mi_datagram/mi_datagram.c b/modules/mi_datagram/mi_datagram.c
index 3260420..a06e2f2 100644
--- a/modules/mi_datagram/mi_datagram.c
+++ b/modules/mi_datagram/mi_datagram.c
@@ -200,7 +200,7 @@ static int mi_mod_init(void)
    		LM_ERR("invalid port number; must be in [1024,%d]\n",MAX_NB_PORT);
    		return -1;
    	}
-		
+
    	if(! (host = resolvehost(host_s)) ) {
    		LM_ERR("failed to resolve %s\n", host_s);
    		return -1;
@@ -212,10 +212,10 @@ static int mi_mod_init(void)
    	}
    	mi_socket_domain = host->h_addrtype;
    	goto done;
-	} 
+	}
    /* in case of a Unix socket*/
    LM_DBG("we have an UNIX socket\n");
-		
+
    n=stat(mi_socket, &filestat);
    if( n==0) {
    	LM_INFO("the socket %s already exists, trying to delete it...\n", mi_socket);
@@ -235,14 +235,14 @@ static int mi_mod_init(void)
    	LM_WARN("cannot specify mi_unix_socket_mode = 0, forcing it to rw-------\n");
    	mi_unix_socket_mode = S_IRUSR| S_IWUSR;
    }
-	
+
    if (mi_unix_socket_uid_s) {
    	if (user2uid(&mi_unix_socket_uid, &mi_unix_socket_gid, mi_unix_socket_uid_s)<0) {
    		LM_ERR("bad user name %s\n", mi_unix_socket_uid_s);
    		return -1;
    	}
    }
-	
+
    if (mi_unix_socket_gid_s) {
    	if (group2gid(&mi_unix_socket_gid, mi_unix_socket_gid_s)<0) {
    		LM_ERR("bad group name %s\n", mi_unix_socket_gid_s);
@@ -252,7 +252,11 @@ static int mi_mod_init(void)
/*create the unix socket address*/
    mi_dtgram_addr.unix_addr.sun_family = AF_LOCAL;
-	memcpy( mi_dtgram_addr.unix_addr.sun_path, mi_socket, strlen(mi_socket));
+	if(strlen(mi_socket)>=sizeof(mi_dtgram_addr.unix_addr.sun_path)-1) {
+		LM_ERR("mi socket path is too long\n");
+		return -1;
+	}
+	memcpy(mi_dtgram_addr.unix_addr.sun_path, mi_socket, strlen(mi_socket));
done:
    /* add space for extra processes */
@@ -369,7 +373,7 @@ static int mi_destroy(void)
    	if (n==0) {
    		if(config_check==0) {
    			if (unlink(mi_socket)<0){
-					LM_ERR("cannot delete the socket (%s): %s\n", 
+					LM_ERR("cannot delete the socket (%s): %s\n",
    					mi_socket, strerror(errno));
    				goto error;
    			}

    