* ext/socket/rubysocket.h (SOCKLEN_MAX): Defined.

* ext/socket/raddrinfo.c (ext/socket/raddrinfo.c): Reject too long
  Linux abstract socket name.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40335 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

3 files changed, 16 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 1fd2db96a7..dddd53b789 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Wed Apr 17 20:00:18 2013  Tanaka Akira  <akr@fsij.org>
+
+	* ext/socket/rubysocket.h (SOCKLEN_MAX): Defined.
+
+	* ext/socket/raddrinfo.c (ext/socket/raddrinfo.c): Reject too long
+	  Linux abstract socket name.
+
 Wed Apr 17 19:45:27 2013  Aman Gupta  <tmm1@ruby-lang.org>
 
 	* iseq.c (iseq_location_setup): re-use existing string when iseq has
diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c
index d0d4d85c05..327218f222 100644
--- a/ext/socket/raddrinfo.c
+++ b/ext/socket/raddrinfo.c
@@ -450,8 +450,10 @@ rsock_unix_sockaddr_len(VALUE path)
     }
     else if (RSTRING_PTR(path)[0] == '\0') {
 	/* abstract namespace; see unix(7) for details. */
+        if (SOCKLEN_MAX - offsetof(struct sockaddr_un, sun_path) < (size_t)RSTRING_LEN(path))
+            rb_raise(rb_eArgError, "Linux abstract socket too long");
 	return (socklen_t) offsetof(struct sockaddr_un, sun_path) +
-	    RSTRING_LEN(path);
+	    RSTRING_SOCKLEN(path);
     }
     else {
 #endif
diff --git a/ext/socket/rubysocket.h b/ext/socket/rubysocket.h
index 5369f566a4..1636a383cb 100644
--- a/ext/socket/rubysocket.h
+++ b/ext/socket/rubysocket.h
@@ -91,6 +91,12 @@
 #ifndef HAVE_TYPE_SOCKLEN_T
 typedef int socklen_t;
 #endif
+
+#define SOCKLEN_MAX \
+  (0 < (((socklen_t)0)-1) ? \
+   ~(socklen_t)0 : \
+   (((((socklen_t)1) << (sizeof(socklen_t) * CHAR_BIT - 2)) - 1) * 2 + 1))
+
 #ifndef RSTRING_SOCKLEN
 #  define RSTRING_SOCKLEN (socklen_t)RSTRING_LENINT
 #endif