About the UNIX socket path length check
Ruslan Ermilov
ru at nginx.com
Thu Oct 9 16:41:37 UTC 2014
On Thu, Oct 09, 2014 at 06:02:16PM +0200, Peter Wu wrote:
> Hi,
>
> In src/core/ngx_inet.c we have this code:
>
> if (len > sizeof(saun->sun_path)) {
> u->err = "too long path in the unix domain socket";
> return NGX_ERROR;
> }
>
> But a NUL-terminated string requires one byte more. Is it allowed to
> omit the NUL byte when the string would not fit otherwise? If not,
> this should be changed to:
>
> if (len >= sizeof(saun->sun_path)) {
> u->err = "too long path in the unix domain socket";
> return NGX_ERROR;
> }
The "len" you quote includes the slot for NUL due to
u->host.len = len++;
And ngx_strncpy() always NULL-terminates what it writes.
More information about the nginx-devel
mailing list