net/local: Return -EINVAL if the address length passed to local_bind is too small

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-12-18 14:55:44 +08:00 · 2022-12-18 14:55:44 +08:00 · aea8f8175a
commit aea8f8175a
parent 6f15b32e34
3 changed files with 17 additions and 25 deletions
--- a/net/local/local_bind.c
+++ b/net/local/local_bind.c
@ -52,11 +52,14 @@ int psock_local_bind(FAR struct socket *psock,
  FAR struct local_conn_s *conn;
  FAR const struct sockaddr_un *unaddr =
    (FAR const struct sockaddr_un *)addr;
-  int namelen;

  DEBUGASSERT(psock != NULL && psock->s_conn != NULL &&
-              unaddr != NULL && unaddr->sun_family == AF_LOCAL &&
-              addrlen >= sizeof(sa_family_t));
+              unaddr != NULL && unaddr->sun_family == AF_LOCAL);
+
+  if (addrlen <= sizeof(sa_family_t) + 1)
+    {
+      return -EINVAL;
+    }

  conn = (FAR struct local_conn_s *)psock->s_conn;

@ -68,33 +71,23 @@ int psock_local_bind(FAR struct socket *psock,
   * of the address description.
   */

-  if (addrlen == sizeof(sa_family_t))
+  if (unaddr->sun_path[0] == '\0')
    {
-      /* No sun_path... This is an un-named Unix domain socket */
+      /* Zero-length sun_path... This is an abstract Unix domain socket */

-      conn->lc_type = LOCAL_TYPE_UNNAMED;
+      conn->lc_type    = LOCAL_TYPE_ABSTRACT;
+      conn->lc_path[0] = '\0';
    }
  else
    {
-      namelen = strnlen(unaddr->sun_path, UNIX_PATH_MAX - 1);
-      if (namelen <= 0)
-        {
-          /* Zero-length sun_path... This is an abstract Unix domain socket */
+      /* This is an normal, pathname Unix domain socket */

-          conn->lc_type    = LOCAL_TYPE_ABSTRACT;
-          conn->lc_path[0] = '\0';
-        }
-      else
-        {
-          /* This is an normal, pathname Unix domain socket */
+      conn->lc_type = LOCAL_TYPE_PATHNAME;

-          conn->lc_type = LOCAL_TYPE_PATHNAME;
+      /* Copy the path into the connection structure */

-          /* Copy the path into the connection structure */
-
-          strlcpy(conn->lc_path, unaddr->sun_path, sizeof(conn->lc_path));
-          conn->lc_instance_id = -1;
-        }
+      strlcpy(conn->lc_path, unaddr->sun_path, sizeof(conn->lc_path));
+      conn->lc_instance_id = -1;
    }

  conn->lc_state = LOCAL_STATE_BOUND;
--- a/net/local/local_recvutils.c
+++ b/net/local/local_recvutils.c
@ -175,7 +175,7 @@ int local_getaddr(FAR struct local_conn_s *conn, FAR struct sockaddr *addr,
  int totlen;
  int pathlen;

-  DEBUGASSERT(conn && addr && addrlen && *addrlen >= sizeof(sa_family_t));
+  DEBUGASSERT(conn && addr && addrlen);

  /* Get the length of the path (minus the NUL terminator) and the length
   * of the whole Unix domain address.
--- a/net/local/local_sockif.c
+++ b/net/local/local_sockif.c
@ -354,8 +354,7 @@ static int local_getsockname(FAR struct socket *psock,
  FAR struct local_conn_s *conn;

  DEBUGASSERT(psock != NULL && psock->s_conn != NULL &&
-              unaddr != NULL && addrlen != NULL &&
-              *addrlen >= sizeof(sa_family_t));
+              unaddr != NULL && addrlen != NULL);

  if (*addrlen < sizeof(sa_family_t))
    {