From d5358bbb6bb5c21a6343fa6329d37c2614e7819d Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Wed, 30 Sep 2015 12:42:16 +0200
Subject: libuuid: fix buffer overflow with long paths

Based on patch from Justin Akers, he wrote:
> When building Openembedded inside a Jenkins matrix job the paths can
> get quite long. This ensures libuuid won't crash when attempting to
> connect to uuidd in such a scenario.
Reported-by: Justin Akers
Signed-off-by: Karel Zak
---
 libuuid/src/gen_uuid.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'libuuid')
diff --git a/libuuid/src/gen_uuid.c b/libuuid/src/gen_uuid.c
index 2c5b95564..4d6099720 100644
--- a/libuuid/src/gen_uuid.c
+++ b/libuuid/src/gen_uuid.c
@@ -85,6 +85,7 @@
 #include "uuidP.h"
 #include "uuidd.h"
 #include "randutils.h"
+#include "strutils.h"
 #include "c.h"
 #ifdef HAVE_TLS
@@ -329,6 +330,7 @@ try_again:
 }
 #if defined(HAVE_UUIDD) && defined(HAVE_SYS_UN_H)
+
 /*
 * Try using the uuidd daemon to generate the UUID
 *
@@ -343,11 +345,14 @@ static int get_uuid_via_daemon(int op, uuid_t out, int *num)
 int32_t reply_len = 0, expected = 16;
 struct sockaddr_un srv_addr;
+ if (sizeof(UUIDD_SOCKET_PATH) > sizeof(srv_addr.sun_path))
+ return -1;
+
 if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
 return -1;
 srv_addr.sun_family = AF_UNIX;
- strcpy(srv_addr.sun_path, UUIDD_SOCKET_PATH);
+ xstrncpy(srv_addr.sun_path, UUIDD_SOCKET_PATH, sizeof(srv_addr.sun_path));
 if (connect(s, (const struct sockaddr *) &srv_addr, sizeof(struct sockaddr_un)) < 0)
--
cgit v1.2.3-55-g7522
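Review bot: The new `sizeof(UUIDD_SOCKET_PATH) > sizeof(srv_addr.sun_path)` guard in get_uuid_via_daemon() is only correct while UUIDD_SOCKET_PATH expands to a string literal; if it ever becomes a `const char *`, sizeof measures the pointer, the guard passes for any length, and xstrncpy() would presumably truncate silently so that connect() addresses a different, shorter path. A comment above the guard would pin that down, e.g. `/* UUIDD_SOCKET_PATH must be a string literal: reject instead of truncating, a cut path names another socket */`. Both operands look like compile-time constants, so an over-long build prefix disables the daemon path on every call with no diagnostic; a build-time warning, or a debug message before `return -1;`, would make that visible. The function body continues past the end of the hunk, so how callers treat the -1 is not visible here.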