diff options
author | Ian Gudger <igudger@google.com> | 2018-08-14 15:05:44 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-08-14 15:07:05 -0700 |
commit | e97717e29a1bb3e373b130086c4182c598a8121c (patch) | |
tree | 3bdb56a59611ba9355a52ddd5819711337aba578 | |
parent | 6cf22781673d75cca459fd668cf291b387d52e0d (diff) |
Enforce Unix socket address length limit
PiperOrigin-RevId: 208720936
Change-Id: Ic943a88b6efeff49574306d4d4e1f113116ae32e
-rw-r--r-- | pkg/sentry/socket/epsocket/epsocket.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pkg/sentry/socket/epsocket/epsocket.go b/pkg/sentry/socket/epsocket/epsocket.go index b32eda96f..0000875e7 100644 --- a/pkg/sentry/socket/epsocket/epsocket.go +++ b/pkg/sentry/socket/epsocket/epsocket.go @@ -150,6 +150,9 @@ func GetAddress(sfamily int, addr []byte) (tcpip.FullAddress, *syserr.Error) { switch family { case linux.AF_UNIX: path := addr[2:] + if len(path) > linux.UnixPathMax { + return tcpip.FullAddress{}, syserr.ErrInvalidArgument + } // Drop the terminating NUL (if one exists) and everything after it. // Skip the first byte, which is NUL for abstract paths. if len(path) > 1 { |