Hello

On Mon, Aug 25, 2008 at 01:12:07PM +0200, Martin Mares wrote:
diff -urN bird-1.0.11.orig/sysdep/unix/io.c bird-1.0.11/sysdep/unix/io.c --- bird-1.0.11.orig/sysdep/unix/io.c 2005-02-14 18:15:04.000000000 -0500 +++ bird-1.0.11/sysdep/unix/io.c 2006-07-13 09:34:29.000000000 -0400 @@ -866,7 +866,7 @@ goto bad; unlink(name); sa.sun_family = AF_UNIX; - strcpy(sa.sun_path, name); + strncpy(sa.sun_path, name, sizeof(sa.sun_path)); if (bind(fd, (struct sockaddr *) &sa, SUN_LEN(&sa)) < 0) ERR("bind"); if (listen(fd, 8))
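Review bot: the `+` line bounds the copy with sizeof(sa.sun_path) but leaves sa.sun_path without a terminating NUL whenever name is that long or longer, and the bind() call on the next line passes SUN_LEN(&sa), which measures sun_path with strlen() and would read past the array. Check strlen(name) >= sizeof(sa.sun_path) before the copy and fail through the existing error path (the `goto bad` / ERR() handling visible in the context lines) instead of silently binding to a truncated path.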
This is seriously wrong. If the name is too long, it gets trimmed and the terminating zero gets lost. The proper solution would be to report an error in such cases. Could you please update the patch?
As O. Filip already has some variant of the patch in his tree, I will postpone this until I have seen that. The public GIT repository would be nice.

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
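Added example, not part of the original thread and not BIRD's code: one way to do what the review above asks for, reporting an error for an over-long socket path instead of truncating it, next to a check that shows the lost terminator. The helper names `fill_unix_addr` and `strncpy_drops_terminator` and the sample paths are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not from BIRD): fill *sa for a UNIX-domain socket.
 * Returns 0 on success, or -1 with errno = ENAMETOOLONG when name plus its
 * terminating NUL does not fit in sun_path. Nothing is ever truncated. */
int fill_unix_addr(struct sockaddr_un *sa, const char *name)
{
    size_t len = strlen(name);

    if (len >= sizeof(sa->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    memcpy(sa->sun_path, name, len + 1);    /* the NUL is copied too */
    return 0;
}

/* The failure mode from the review: returns 1 if strncpy() bounded by the
 * full buffer size left the buffer with no NUL terminator, 0 otherwise. */
int strncpy_drops_terminator(const char *name)
{
    char buf[sizeof(((struct sockaddr_un *)0)->sun_path)];

    strncpy(buf, name, sizeof(buf));
    return memchr(buf, '\0', sizeof(buf)) == NULL;
}

int main(void)
{
    struct sockaddr_un sa;
    char longname[256];                     /* constructed over-long path */
    int rc;

    memset(longname, 'a', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';

    rc = fill_unix_addr(&sa, "/tmp/example.ctl");   /* constructed path */
    printf("short path: rc=%d\n", rc);
    rc = fill_unix_addr(&sa, longname);
    printf("long path:  rc=%d (%s)\n", rc, rc ? strerror(errno) : "ok");
    printf("strncpy loses NUL: %d\n", strncpy_drops_terminator(longname));
    return 0;
}
```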