About the UNIX socket path length check

Peter Wu peter at lekensteyn.nl
Sun Oct 19 13:15:07 UTC 2014


On Thursday 09 October 2014 20:41:37 Ruslan Ermilov wrote:
> On Thu, Oct 09, 2014 at 06:02:16PM +0200, Peter Wu wrote:
> > Hi,
> > 
> > In src/core/ngx_inet.c we have this code:
> > 
> >     if (len > sizeof(saun->sun_path)) {
> >         u->err = "too long path in the unix domain socket";
> >         return NGX_ERROR;
> >     }
> > 
> > But a NUL-terminated string requires one byte more. Is it allowed to
> > omit the NUL byte when the string would not fit otherwise? If not,
> > this should be changed to:
> > 
> >     if (len >= sizeof(saun->sun_path)) {
> >         u->err = "too long path in the unix domain socket";
> >         return NGX_ERROR;
> >     }
> 
> The "len" you quote includes the slot for NUL due to
> 
> 	u->host.len = len++;
> 
> And ngx_strncpy() always NULL-terminates what it writes.

Thank you and Maxim for the clarification, I missed the len++.

Peter



More information about the nginx-devel mailing list