diff options
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | ext/socket/raddrinfo.c | 4 | ||||
-rw-r--r-- | ext/socket/rubysocket.h | 6 |
3 files changed, 16 insertions, 1 deletions
@@ -1,3 +1,10 @@ +Wed Apr 17 20:00:18 2013 Tanaka Akira <akr@fsij.org> + + * ext/socket/rubysocket.h (SOCKLEN_MAX): Defined. + + * ext/socket/raddrinfo.c (ext/socket/raddrinfo.c): Reject too long + Linux abstract socket name. + Wed Apr 17 19:45:27 2013 Aman Gupta <tmm1@ruby-lang.org> * iseq.c (iseq_location_setup): re-use existing string when iseq has diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c index d0d4d85c05..327218f222 100644 --- a/ext/socket/raddrinfo.c +++ b/ext/socket/raddrinfo.c @@ -450,8 +450,10 @@ rsock_unix_sockaddr_len(VALUE path) } else if (RSTRING_PTR(path)[0] == '\0') { /* abstract namespace; see unix(7) for details. */ + if (SOCKLEN_MAX - offsetof(struct sockaddr_un, sun_path) < (size_t)RSTRING_LEN(path)) + rb_raise(rb_eArgError, "Linux abstract socket too long"); return (socklen_t) offsetof(struct sockaddr_un, sun_path) + - RSTRING_LEN(path); + RSTRING_SOCKLEN(path); } else { #endif diff --git a/ext/socket/rubysocket.h b/ext/socket/rubysocket.h index 5369f566a4..1636a383cb 100644 --- a/ext/socket/rubysocket.h +++ b/ext/socket/rubysocket.h @@ -91,6 +91,12 @@ #ifndef HAVE_TYPE_SOCKLEN_T typedef int socklen_t; #endif + +#define SOCKLEN_MAX \ + (0 < (((socklen_t)0)-1) ? \ + ~(socklen_t)0 : \ + (((((socklen_t)1) << (sizeof(socklen_t) * CHAR_BIT - 2)) - 1) * 2 + 1)) + #ifndef RSTRING_SOCKLEN # define RSTRING_SOCKLEN (socklen_t)RSTRING_LENINT #endif |