search for: sun_path

...ncation. Linux does not require a trailing NUL byte in sockaddr_un, so we can allow names one byte longer. Not entirely fixed: although the proposed NBD URI document mentions that URIs can start with a leading (encoded) NUL byte to access the Linux abstract socket namespace, our use of strlen(sun.sun_path) would truncate the trailing bytes - but to support abstract sockets in general, we'd need to add h->unixlen alongside the existing h->unixsocket. --- generator/states-connect.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/generator/states-connect....

gcc 8 gripes (when using './configure --enable-gcc-warnings'): nbd.c: In function 'nbd_open': nbd.c:470:3: error: 'strncpy' specified bound 108 equals destination size [-Werror=stringop-truncation] strncpy (sock.sun_path, sockname, sizeof (sock.sun_path)); The warning is a false positive, given that we currently reject names >= sizeof(sock.sun_path), and thus we are only ever copying in a name that will include a trailing NUL. However, note that Linux permits a socket name to use the full width of sun_path (fo...

...%s"), @@ -213,52 +214,88 @@ static int control_compare(const struct event *a, const struct event *b) { bool init_control() { int result; struct sockaddr_un addr; + char *lastslash; + const char *controlsocketbasename = controlsocketname; - if(strlen(controlsocketname) >= sizeof addr.sun_path) { + control_socket = socket(PF_UNIX, SOCK_STREAM, 0); + + if(control_socket < 0) { + logger(LOG_ERR, _("Creating UNIX socket failed: %s"), strerror(errno)); + goto bail; + } + + /* + * This is rather elaborate for security: + * - On Solaris, we need to restrict traversal into a so...

On Mon, 23 Feb 2015, Kevin Brott wrote: > > Yup - that cleared that hurdle ... now it dies here on AIX: > > xlc_r -O2 -qarch=ppc -qalloca -I/usr/include -I/opt/freeware/include > -I. -I. -O2 -qarch=ppc -qalloca -I/usr/include -I/opt/freeware/include > -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" >

...ct() is tested: char egd_message[2] = { 0x02, 0x00 }; struct sockaddr_un addr; int addr_len; memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; /* FIXME: compile time check? */ if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path)) fatal("Random pool path is too long"); strncpy(addr.sun_path, RANDOM_POOL, sizeof(addr.sun_path - 1)); addr.sun_path[sizeof(addr.sun_path - 1)] = '\0'; addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(RANDOM_POOL); ran...

..._("Cannot send greeting for new control connection: %s"), @@ -213,6 +214,7 @@ static int control_compare(const struct event *a, const struct event *b) { bool init_control() { int result; struct sockaddr_un addr; + mode_t old_umask; if(strlen(controlsocketname) >= sizeof addr.sun_path) { logger(LOG_ERR, _("Control socket filename too long!")); @@ -230,7 +232,11 @@ bool init_control() { return false; } - //unlink(controlsocketname); + /* + * Restrict access to the control socket. + * I believe this works everywhere but Solaris. + */ + old_umask = umask(0077...

...not transferred (see previous errors) (code 23) at main.c(1052) [sender=3.0.9] After lots of debugging I found out, that do_mknod() wants to create a socket file. The given variable pathname contains a 127 characters path (with many directories). Now consider this line in do_mknod: strlcpy(saddr.sun_path, pathname, sizeof saddr.sun_path); It copies pathname into sun_path without any length checking. The function strlcpy truncates in my case the path because sun_path is limited to 108 characters on at least Solaris/Illumos. Maybe this is a problem on Linux as well (see also: http://www.kernelsource...

...y using such type of thing in the Guest : #define NAME "/dev/virtio-ports/agent" sock = socket(AF_UNIX, SOCK_STREAM, 0); 12 if (sock < 0) { 13 perror("opening stream socket"); 14 exit(1); 15 } 16 server.sun_family = AF_UNIX; 17 strcpy(server.sun_path, NAME); 18 if (bind(sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un))) { 19 perror("binding stream socket"); 20 exit(1); 21 } I got ""binding stream socket Address already in use" when trying to bind the socket . But If I use...

Greetings, I am porting the openssh-portable 6.8 release to the HP NonStop (NSE) platform. Prior versions were no real problem, with minor tweeks. However, with the inclusion of regress/netcat.c, which depends on arpa/telnet.h, we have an issue. Unfortunately, the platform does not have this file, nor anything like it - telnet is done rather differently. We do have a version of netcat (0.7.1

...it rlim; #endif +#ifdef HAVE_CYGWIN + int prev_mask; +#endif pid_t pid; char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; extern int optind; @@ -805,10 +808,19 @@ main(int ac, char **av) memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); +#ifdef HAVE_CYGWIN + prev_mask = umask(0177); +#endif if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { perror("bind"); +#ifdef HAVE_CYGWIN + umask(prev_mask); +#endif cleanup_exit(1); } +#ifdef HAVE_CYGWIN +...

...eturn 0; CHECK_RO + +#if HAVE_MKFIFO + if (S_ISFIFO(mode)) { + return mkfifo(pathname, mode); + } +#endif + +#if HAVE_SYS_UN_H + if (S_ISSOCK(mode)) { + int sock; + struct sockaddr_un saddr; + int len = strlen(pathname) + 1; /* include null */ + + saddr.sun_family = AF_UNIX; + strncpy(saddr.sun_path, pathname, sizeof(saddr.sun_path)); + saddr.sun_len = len > sizeof(saddr.sun_path) ? sizeof(saddr.sun_path) : len; + + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { + return -1; + } + unlink(pathname); + if ((bind(sock, (struct sockaddr*)&saddr, sizeof(saddr))) < 0) { +...

...;f:p:b:k:h:g:V:u:diqQ46")) != EOF) { switch (opt) { --- entropy.c.DIST Mon Oct 16 03:13:43 2000 +++ entropy.c Mon Feb 12 11:00:53 2001 @@ -69,6 +69,7 @@ char msg[2]; struct sockaddr_un addr; int addr_len; + int i, rval; /* Sanity checks */ if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path)) @@ -81,13 +82,25 @@ strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path)); addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET); +reopen: fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) { error("Couldn't create AF_UNIX socket: %s", strerror(er...

...) = 3 > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 > open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 > connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = - > 1 > ENOENT (No such file or directory) > connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = - > 1 > ENOENT (No such file or directory) > open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 >...

...5, EPOLL_CTL_DEL, 19, 7fff77616870) = 0 0.000027 close(19) = 0 0.000029 socket(PF_LOCAL, SOCK_STREAM, 0) = 19 0.000027 fcntl(19, F_GETFL) = 0x2 (flags O_RDWR) 0.000028 fcntl(19, F_SETFL, O_RDWR|O_NONBLOCK) = 0 0.000029 connect(19, {sa_family=AF_LOCAL, sun_path="auth-worker"}, 110) = 0 0.000033 fstat(19, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 0.000033 lseek(19, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) 0.000026 getsockname(19, {sa_family=AF_LOCAL, NULL}, [2]) = 0 0.000030 epoll_ctl(15, EPOLL_CTL_ADD, 19, {EPOLLIN|EPOLL...

...c 70a71,98 > > #if HAVE_MKFIFO > if (S_ISFIFO(mode)) > return mkfifo(pathname, mode); > #endif > #if (HAVE_SYS_UN_H && HAVE_SYS_SOCKET_H) > if (S_ISSOCK(mode)) { > int sock; > struct sockaddr_un saddr; > > if (strlen(pathname) + 1 > sizeof(saddr.sun_path)) { > errno = ENAMETOOLONG; return -1; > } > > saddr.sun_family = AF_UNIX; > strncpy(saddr.sun_path, pathname, sizeof(saddr.sun_path)); > > if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) { > return -1; > } > unlink(pathname); > if ((bind(soc...

Hi, when running OpenSSH with EGD as entropy source, the sshd server connects to the EGD socket and leaves it open to re-seed on the fly. Unfortunately the connection is not checked when re-seeding, so that a failure or restart of EGD will lead to a "fatal()" abort of the sshd server process. Since a dying server process can not be accepted, I would recommend to not have sshd call it

...t(nnetfd, SOL_SOCKET, SO_RCVBUF, &o_rcvbuf, sizeof o_rcvbuf); rr = setsockopt(nnetfd, SOL_SOCKET, SO_SNDBUF, &o_sndbuf, sizeof o_sndbuf); #endif - - /* fill in all the right sockaddr crud */ + + if (unixsock_name) { + unixsock->sun_family = AF_LOCAL; + strncpy(unixsock->sun_path, unixsock_name, sizeof(unixsock->sun_path)-1); + //strncpy(unixsock->sun_path, unixsock_name, 108-1); + //unixsock->sun_path[sizeof(unixsock->sun_path)-1] = '\0'; + } else { + /* fill in all the right sockaddr crud */ lclend->sin_family = AF_INET; -/* fill in...

Error out early if the path to the socket will not fit into sockaddr_un::sun_path, as we will not be able to connect to it. --- src/launch-unix.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/launch-unix.c b/src/launch-unix.c index 740c554..973e14b 100644 --- a/src/launch-unix.c +++ b/src/launch-unix.c @@ -47,6 +47,12 @@ launch_unix (guestfs_h *g, void *datav, c...

Just forwarding this changelog from yesterday. xcs now uses Unix domain sockets in unstable. This was a hot thread a couple months back with strong opinions on both sides and no clear resolution on the list, so I thought some people might like to know the developers'' resolution. This should be good news for those seeking tighter dom0''s, particularly those who

...quot;, O_RDONLY|O_CLOEXEC) = 3 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 open("/etc/ld.so.cache", O_...