2 files changed, 8 insertions, 4 deletions

diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c
index 3aba48d2..14bf99fe 100644
--- a/sysdep/unix/io.c
+++ b/sysdep/unix/io.c
@@ -1513,11 +1513,14 @@ sk_open_unix(sock *s, char *name)
 }
 
 int
-sk_connect_unix(sock *s, char *name)
+sk_connect_unix(sock *s, char *name, socklen_t namelen)
 {
   struct sockaddr_un sa;
   int fd;
 
+  if (namelen > sizeof(sa.sun_path))
+    return -1;
+
   /* We are sloppy during error (leak fd and not set s->err), but we die anyway */
 
   fd = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -1528,10 +1531,11 @@ sk_connect_unix(sock *s, char *name)
     return -1;
 
   /* Path length checked in test_old_bird() */
+  memset(&sa, 0, sizeof(sa));
   sa.sun_family = AF_UNIX;
-  strcpy(sa.sun_path, name);
+  memcpy(sa.sun_path, name, namelen);
 
-  if (connect(fd, (struct sockaddr *) &sa, SUN_LEN(&sa)) < 0)
+  if (connect(fd, (struct sockaddr *) &sa, sizeof(sa.sun_family) + namelen) < 0)
     return -1;
 
   s->fd = fd;
diff --git a/sysdep/unix/unix.h b/sysdep/unix/unix.h
index 849e5947..a95e5c25 100644
--- a/sysdep/unix/unix.h
+++ b/sysdep/unix/unix.h
@@ -108,7 +108,7 @@ void io_loop(void);
 void io_log_dump(void);
 int sk_open_unix(struct birdsock *s, char *name);
 struct rfile *rf_open(struct pool *, const char *name, const char *mode);
-int sk_connect_unix(struct birdsock *s, char *name);
+int sk_connect_unix(struct birdsock *s, char *name, socklen_t namelen);
 void *rf_file(struct rfile *f);
 int rf_fileno(struct rfile *f);
 void test_old_bird(char *path);