authorMikael Magnusson <mikachu@gmail.com>2026-05-07 07:14:45 +0200
committerMikael Magnusson <mikachu@gmail.com>2026-05-11 21:31:52 +0200
commit303f8bac2f588732d9aa86fe19a59e8a7cb0bfef (patch)
tree0711e3e071957dac1c71547cbaa6e13040874b0d
parent54492: is* classification functions take unsigned char (diff)
54493: socket: fix some issues with socket name
If the passed name was too long, it was silently truncated. If it was exactly the max length, the string was not nul terminated. % zsocket -l aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ==421== Syscall param socketcall.bind(my_addr.sun_path) points to uninitialised byte(s) ==421== at 0x4DD77D7: bind (in /lib64/libc-2.32.so) ==421== by 0x61FB31A: bin_zsocket (in /usr/local/lib64/zsh/5.9.0.3-test-mika/zsh/net/socket.so) ==421== by 0x4217BF: execbuiltin (in /usr/local/bin/zsh) ==421== by 0x433751: execcmd_exec (in /usr/local/bin/zsh) ==421== by 0x433D2B: execpline2 (in /usr/local/bin/zsh) ==421== by 0x434084: execpline (in /usr/local/bin/zsh) ==421== by 0x4359F8: execlist (in /usr/local/bin/zsh) ==421== by 0x4362A1: execode (in /usr/local/bin/zsh) ==421== by 0x44F7A1: loop (in /usr/local/bin/zsh) ==421== by 0x450AAD: zsh_main (in /usr/local/bin/zsh) ==421== by 0x4D01E69: (below main) (in /lib64/libc-2.32.so) ==421== Address 0x1ffeffd7ad is on thread 1's stack ==421== in frame #1, created by bin_zsocket (???:)
-rw-r--r--ChangeLog3
-rw-r--r--Src/Modules/socket.c11
2 files changed, 13 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 876e5f0ab..4d6130ba9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@
* 54492: Src/Zle/termquery.c: is* classification functions take
unsigned char
+ * 54493: Src/Modules/socket.c: socket: fix some issues with
+ socket name
+
2026-05-10 Oliver Kiddle <opk@zsh.org>
* unposted: Completion/Linux/Command/_selinux: complete files
diff --git a/Src/Modules/socket.c b/Src/Modules/socket.c
index c65b7dfce..4f2a6ecbf 100644
--- a/Src/Modules/socket.c
+++ b/Src/Modules/socket.c
@@ -58,7 +58,7 @@ bin_zsocket(char *nam, char **args, Options ops, UNUSED(int func))
{
int err=1, verbose=0, test=0, targetfd=0;
ZSOCKLEN_T len;
- struct sockaddr_un soun;
+ struct sockaddr_un soun = { 0 };
int sfd;
if (OPT_ISSET(ops,'v'))
@@ -90,6 +90,10 @@ bin_zsocket(char *nam, char **args, Options ops, UNUSED(int func))
}
localfn = args[0];
+ if (strlen(localfn) >= sizeof(soun.sun_path)) {
+ zwarnnam(nam, "socket path too long: %d > %d", strlen(localfn), sizeof(soun.sun_path) -1 );
+ return 1;
+ }
sfd = socket(PF_UNIX, SOCK_STREAM, 0);
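Review bot: The two `%d` arguments on the added `zwarnnam` line are `size_t` values (`strlen(localfn)` and `sizeof(soun.sun_path) - 1`), and passing a `size_t` through varargs where an `int` is read is undefined behaviour on LP64 targets. zsh's message formatter appears to fetch `%d` as an `int` (worth confirming in its implementation), so the arguments should be converted explicitly: `zwarnnam(nam, "socket path too long: %d > %d", (int)strlen(localfn), (int)sizeof(soun.sun_path) - 1);`. The same line is repeated with `strlen(args[0])` in the third hunk and needs the same change. bin_zsocket begins and ends outside this hunk.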
@@ -232,6 +236,11 @@ bin_zsocket(char *nam, char **args, Options ops, UNUSED(int func))
return 1;
}
+ if (strlen(args[0]) >= sizeof(soun.sun_path)) {
+ zwarnnam(nam, "socket path too long: %d > %d", strlen(args[0]), sizeof(soun.sun_path) -1 );
+ return 1;
+ }
+
sfd = socket(PF_UNIX, SOCK_STREAM, 0);
if (sfd == -1) {
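Review bot: The length check added here duplicates the one added after `localfn = args[0]` in the second hunk, so the limit and the warning text now live in two places and can drift apart. A small static helper taking `nam` and the path would keep them in step, and its comment is the natural place to record that the limit is `sizeof(sun_path) - 1` so the zero-initialised `soun` keeps its terminating NUL after the copy, which happens outside this hunk. The sketch casts both lengths to `int` for the `%d` conversions. bin_zsocket continues past the end of the hunk.

```c
/* Return 1 (after warning) if path cannot fit in sun_path with its NUL. */
static int
socket_path_too_long(char *nam, const char *path)
{
    struct sockaddr_un soun;

    if (strlen(path) < sizeof(soun.sun_path))
	return 0;
    zwarnnam(nam, "socket path too long: %d > %d",
	     (int)strlen(path), (int)sizeof(soun.sun_path) - 1);
    return 1;
}

/* ... unchanged: argument check in bin_zsocket ... */
    if (socket_path_too_long(nam, args[0]))
	return 1;

    sfd = socket(PF_UNIX, SOCK_STREAM, 0);
```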