sd-daemon: verify NOTIFY_SOCKET path length

[elogind.git] / src / libelogind / sd-daemon / sd-daemon.c

diff --git a/src/libelogind/sd-daemon/sd-daemon.c b/src/libelogind/sd-daemon/sd-daemon.c
index b26ecf26d5fff5d0c6041aeae6b26639df21fc3d..172409b73a3b7e4d04b9edfbfb4358badf610bd9 100644 (file)
--- a/src/libelogind/sd-daemon/sd-daemon.c
+++ b/src/libelogind/sd-daemon/sd-daemon.c
@@ -436,6 +436,11 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
                 goto finish;
         }
 
+        if (strlen(e) > sizeof(sockaddr.un.sun_path)) {
+                r = -EINVAL;
+                goto finish;
+        }
+
         fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
         if (fd < 0) {
                 r = -errno;
@@ -456,9 +461,11 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
 
         if (n_fds > 0 || have_pid) {
                 /* CMSG_SPACE(0) may return value different then zero, which results in miscalculated controllen. */
-                msghdr.msg_controllen = (n_fds ? CMSG_SPACE(sizeof(int) * n_fds) : 0) +
-                                        CMSG_SPACE(sizeof(struct ucred)) * have_pid;
-                msghdr.msg_control = alloca(msghdr.msg_controllen);
+                msghdr.msg_controllen =
+                        (n_fds > 0 ? CMSG_SPACE(sizeof(int) * n_fds) : 0) +
+                        (have_pid ? CMSG_SPACE(sizeof(struct ucred)) : 0);
+
+                msghdr.msg_control = alloca0(msghdr.msg_controllen);
 
                 cmsg = CMSG_FIRSTHDR(&msghdr);
                 if (n_fds > 0) {