Skip to content

Commit 9c317cd

Browse files
KuzinAndreybvanassche
KuzinAndrey
authored and
bvanassche
committed
Fix: Possible unix socket path overflow with strncpy()
Compilation warning: sd-daemon.c: In function 'netsnmp_sd_notify': sd-daemon.c:316:9: warning: '__builtin_strncpy' specified bound 108 equals destination size [-Wstringop-truncation] 316 | strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path)); | ^
1 parent f5526b1 commit 9c317cd

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

snmplib/sd-daemon.c

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -313,7 +313,12 @@ int netsnmp_sd_notify(int unset_environment, const char *state) {
313313

314314
memset(&sockaddr, 0, sizeof(sockaddr));
315315
sockaddr.sa.sa_family = AF_UNIX;
316-
strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path));
316+
if (sizeof(sockaddr.un.sun_path) <= snprintf(sockaddr.un.sun_path,
317+
sizeof(sockaddr.un.sun_path), "%s", e)) {
318+
DEBUGMSGTL(("systemd:netsnmp_sd_notify", "Unix socket path %s is too long.\n", e));
319+
r = -EINVAL;
320+
goto finish;
321+
}
317322

318323
if (sockaddr.un.sun_path[0] == '@')
319324
sockaddr.un.sun_path[0] = 0;

0 commit comments

Comments
 (0)